From: Miroslav Lichvar
Date: Tue, 14 Jul 2020 15:04:30 +0000 (+0200)
Subject: siv: add more assertions
X-Git-Tag: 4.0-pre3~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32a82a38fddf5829fe0d40e173d7fa76fcaf412a;p=thirdparty%2Fchrony.git
siv: add more assertions
Make sure the returned tag and key lengths are sane.
---
diff --git a/siv_gnutls.c b/siv_gnutls.c
index d909acb0..bc93f015 100644
--- a/siv_gnutls.c
+++ b/siv_gnutls.c
@@ -134,11 +134,17 @@ int
 SIV_GetKeyLength(SIV_Algorithm algorithm)
 {
 gnutls_cipher_algorithm_t calgo = get_cipher_algorithm(algorithm);
+ int len;
 if (calgo == 0)
 return 0;
- return gnutls_cipher_get_key_size(calgo);
+ len = gnutls_cipher_get_key_size(calgo);
+
+ if (len < 1 || len > SIV_MAX_KEY_LENGTH)
+ LOG_FATAL("Invalid key length");
+
+ return len;
 }
 /* ================================================== */
@@ -177,7 +183,14 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 int
 SIV_GetTagLength(SIV_Instance instance)
 {
- return gnutls_cipher_get_tag_size(instance->algorithm);
+ int len;
+
+ len = gnutls_cipher_get_tag_size(instance->algorithm);
+
+ if (len < 1 || len > SIV_MAX_TAG_LENGTH)
+ LOG_FATAL("Invalid tag length");
+
+ return len;
 }
 /* ================================================== */
diff --git a/siv_nettle.c b/siv_nettle.c
index a08a8d1b..43a84b80 100644
--- a/siv_nettle.c
+++ b/siv_nettle.c
@@ -69,6 +69,8 @@ SIV_DestroyInstance(SIV_Instance instance)
 int
 SIV_GetKeyLength(SIV_Algorithm algorithm)
 {
+ assert(32 <= SIV_MAX_KEY_LENGTH);
+
 if (algorithm == AEAD_AES_SIV_CMAC_256)
 return 32;
 return 0;
@@ -92,6 +94,8 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 int
 SIV_GetTagLength(SIV_Instance instance)
 {
+ assert(SIV_DIGEST_SIZE <= SIV_MAX_TAG_LENGTH);
+
 return SIV_DIGEST_SIZE;
 }
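Review bot: In the siv_gnutls.c SIV_GetKeyLength hunk the range check runs only after the library result has been stored in `int len`; gnutls_cipher_get_key_size() returns size_t, so the value is narrowed before it is compared against SIV_MAX_KEY_LENGTH. Keeping it in its native type until it has been checked, `size_t len = gnutls_cipher_get_key_size(calgo);` and then `return (int)len;`, makes the bound cover every value the library can hand back. The analogous assignment from gnutls_cipher_get_tag_size() in the SIV_GetTagLength hunk deserves the same treatment. A one-line comment such as `/* Abort instead of returning a length larger than the fixed-size buffers */` would record why these paths are fatal while an unsupported algorithm still returns 0; that rationale is inferred from the commit message, so confirm it before adding.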
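Review bot: The checks added to siv_nettle.c compare compile-time constants with assert(), so they disappear if the file is ever built with NDEBUG, whereas the gnutls backend enforces the same bounds with LOG_FATAL in every build. If the project can rely on C11, a file-scope `_Static_assert(32 <= SIV_MAX_KEY_LENGTH, "SIV key buffer too small");` turns a mismatch into a build failure instead of a runtime abort; the same applies to `SIV_DIGEST_SIZE <= SIV_MAX_TAG_LENGTH` in the SIV_GetTagLength hunk. The literal 32 now appears both in the assert and in `return 32;`, so a named constant would keep the two from drifting apart. Whether the build defines NDEBUG is not visible from this patch.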