From 15785bc9fb1787554bf371945ecb191830c15bfd Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 23 Mar 2016 11:07:52 +0100
Subject: cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag.

* cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided
tag length matches the actual tag length.  Avoid gratuitous return
statements.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 cipher/cipher-gcm.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index cb81ea93..5e9dec48 100644
--- a/cipher/cipher-gcm.c
+++ b/cipher/cipher-gcm.c
@@ -803,13 +803,18 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c,
 
   if (!check)
     {
+      /* NB: We already checked that OUTBUF is large enough to hold
+         the result.  */
       memcpy (outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN);
-      return GPG_ERR_NO_ERROR;
     }
   else
     {
-      return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN) ?
-               GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM;
+      /* OUTBUFLEN gives the length of the user supplied tag in OUTBUF
+       * and thus we need to compare its length first.  */
+      if (outbuflen != GCRY_GCM_BLOCK_LEN
+          || !buf_eq_const (outbuf, c->u_mode.gcm.u_tag.tag,
+                            GCRY_GCM_BLOCK_LEN))
+        return GPG_ERR_CHECKSUM;
     }
 
   return 0;
-- 
cgit v1.2.1