[PATCH 2/2] Fix buffer overrun in gettag for Poly1305
Peter Wu
peter at lekensteyn.nl
Wed Mar 23 03:45:21 CET 2016
* cipher/cipher-poly1305.c: copy a fixed length instead of the
user-supplied number.
--
The outbuflen is used to check the minimum size, the real tag is always
of fixed length.
Signed-off-by: Peter Wu <peter at lekensteyn.nl>
---
cipher/cipher-poly1305.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c
index 965a7b6..fb81774 100644
--- a/cipher/cipher-poly1305.c
+++ b/cipher/cipher-poly1305.c
@@ -215,7 +215,7 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c,
{
gcry_err_code_t err;
- if (outbuflen < GCRY_GCM_BLOCK_LEN)
+ if (outbuflen < POLY1305_TAGLEN)
return GPG_ERR_BUFFER_TOO_SHORT;
if (c->u_mode.poly1305.bytecount_over_limits)
return GPG_ERR_INV_LENGTH;
@@ -244,10 +244,10 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c,
}
if (check)
- return buf_eq_const(outbuf, c->u_iv.iv, outbuflen) ?
+ return buf_eq_const(outbuf, c->u_iv.iv, POLY1305_TAGLEN) ?
GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM;
- memcpy (outbuf, c->u_iv.iv, outbuflen);
+ memcpy (outbuf, c->u_iv.iv, POLY1305_TAGLEN);
return GPG_ERR_NO_ERROR;
}
--
2.7.4
More information about the Gcrypt-devel
mailing list