if (unlikely(src_size % 16 != 0))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
aes_v8_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
ctx->iv, 1);
return 0;
if (unlikely(src_size % 16 != 0))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
aes_v8_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
ctx->iv, 0);
if (unlikely(encr_size < tag_size))
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ if (unlikely(plain_size < encr_size - tag_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
ret = ccm_decrypt_message(&ctx->key, aarch64_aes_encrypt,
nonce_size, nonce,
auth_size, auth,
if (unlikely(ctx->finished))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (unlikely(length < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (blocks > 0) {
ctr32_encrypt_blocks(src, dst,
blocks,
if (unlikely(ctx->finished))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
gcm_ghash(ctx, src, src_size);
ctx->gcm.len.u[1] += src_size;
return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
}
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
iov.iov_base = (void *)dst;
- iov.iov_len = (src_size > dst_size) ? dst_size : src_size;
+ iov.iov_len = src_size;
if (kcapi_cipher_stream_op(ctx->handle, &iov, 1) < 0) {
gnutls_assert();
return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
}
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
iov.iov_base = (void *)dst;
- iov.iov_len = (src_size > dst_size) ? dst_size : src_size;
+ iov.iov_len = src_size;
if (kcapi_cipher_stream_op(ctx->handle, &iov, 1) < 0) {
gnutls_assert();
goto end;
}
+ if (unlikely(plain_size < encr_size - tag_size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto end;
+ }
+
/* Init stream once. */
if (!ctx->taglen_set) {
ctx->taglen_set = 1;
* encrypted data.
*/
if (dst_size < src_size + GCM_BLOCK_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
ctx->cryp.len = src_size;
ctx->cryp.src = (void *) src;
ctx->cryp.auth_len = ctx->auth_data_size;
ctx->cryp.auth_src = ctx->auth_data;
+ if (dst_size < src_size - GCM_BLOCK_SIZE)
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) {
gnutls_assert();
return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
ctx->cryp.op = COP_ENCRYPT;
ctx->cryp.flags = COP_FLAG_WRITE_IV;
+ if (unlikely(dst_size < src_size)) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
gnutls_assert();
return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
ctx->cryp.op = COP_DECRYPT;
ctx->cryp.flags = COP_FLAG_WRITE_IV;
+ if (unlikely(dst_size < src_size)) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
gnutls_assert();
return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
{
struct aes_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (unlikely(src_size % 16 != 0))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
{
struct aes_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (unlikely(src_size % 16 != 0))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
{
struct aes_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (unlikely(src_size % 16 != 0))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
{
struct aes_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (unlikely(src_size % 16 != 0))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (unlikely(encr_size < tag_size))
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ if (unlikely(plain_size < encr_size - tag_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
ret = ccm_decrypt_message(&ctx->key, x86_aes_encrypt,
nonce_size, nonce,
auth_size, auth,
void *encr, size_t encr_size)
{
/* proper AEAD cipher */
- if (encr_size < plain_size + tag_size)
+ if (unlikely(encr_size < plain_size + tag_size))
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
aes_gcm_setiv(ctx, nonce, nonce_size);
{
uint8_t tag[MAX_HASH_SIZE];
- if (encr_size < tag_size)
+ if (unlikely(encr_size < tag_size))
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ if (unlikely(plain_size < encr_size - tag_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
aes_gcm_setiv(ctx, nonce, nonce_size);
aes_gcm_auth(ctx, auth, auth_size);
{
struct gcm_padlock_aes_ctx *ctx = _ctx;
+ if (unlikely(length < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
return 0;
{
struct gcm_padlock_aes_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
return 0;
}
{
struct gcm_x86_aes_ctx *ctx = _ctx;
+ if (unlikely(length < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
return 0;
{
struct gcm_x86_aes_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
return 0;
}
if (unlikely(ctx->finished))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (unlikely(length < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (blocks > 0) {
aesni_ctr32_encrypt_blocks(src, dst,
blocks,
if (unlikely(encr_size < tag_size))
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ if (unlikely(plain_size < encr_size - tag_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
aes_gcm_setiv(ctx, nonce, nonce_size);
aes_gcm_auth(ctx, auth, auth_size);
encr_size -= tag_size;
- if (unlikely(plain_size < encr_size))
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
-
if (encr_size >= 96) {
s = aesni_gcm_decrypt(encr, plain, encr_size, ALIGN16(&ctx->expanded_key),
ctx->gcm.Yi.c, ctx->gcm.Xi.u);
if (unlikely(ctx->finished))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (unlikely(length < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (blocks > 0) {
aesni_ctr32_encrypt_blocks(src, dst,
blocks,
if (unlikely(ctx->finished))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
gcm_ghash(ctx, src, src_size);
ctx->gcm.len.u[1] += src_size;
{
struct gcm_x86_aes_ctx *ctx = _ctx;
+ if (unlikely(length < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
return 0;
{
struct gcm_x86_aes_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
return 0;
}
struct padlock_cipher_data *pce;
int ret = 1;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
pce = ALIGN16(&ctx->expanded_key);
if (src_size > 0)
struct padlock_cipher_data *pcd;
int ret = 1;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
pcd = ALIGN16(&ctx->expanded_key);
if (src_size > 0)
{
struct x86_aes_xts_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (src_size < 16)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
{
struct x86_aes_xts_ctx *ctx = _ctx;
+ if (unlikely(dst_size < src_size))
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
if (src_size < 16)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
projects / thirdparty / gnutls.git / commitdiff
