ocb3: properly handle empty AAD
* allow passing "no additional data" to ocb3_decrypt_verify_memory() and ocb3_encrypt_authenticate_memory() * ensure that the caller didn't want to add AAD
This commit is contained in:
parent
4805c89adb
commit
b2448c593a
@ -29,9 +29,10 @@ int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen
|
||||
unsigned long datalen, l;
|
||||
|
||||
LTC_ARGCHK(ocb != NULL);
|
||||
LTC_ARGCHK(aad != NULL);
|
||||
if (aad == NULL) LTC_ARGCHK(aadlen == 0);
|
||||
if (aadlen == 0) LTC_ARGCHK(aad == NULL);
|
||||
|
||||
if (aadlen == 0) return CRYPT_OK;
|
||||
if (aad == NULL || aadlen == 0) return CRYPT_OK;
|
||||
|
||||
if (ocb->adata_buffer_bytes > 0) {
|
||||
l = ocb->block_len - ocb->adata_buffer_bytes;
|
||||
|
@ -73,9 +73,11 @@ int ocb3_decrypt_verify_memory(int cipher,
|
||||
goto LBL_ERR;
|
||||
}
|
||||
|
||||
if (adata != NULL || adatalen != 0) {
|
||||
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
}
|
||||
|
||||
if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
|
@ -59,9 +59,11 @@ int ocb3_encrypt_authenticate_memory(int cipher,
|
||||
goto LBL_ERR;
|
||||
}
|
||||
|
||||
if (adata != NULL || adatalen != 0) {
|
||||
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
}
|
||||
|
||||
if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
|
@ -180,7 +180,7 @@ int ocb3_test(void)
|
||||
if ((err = ocb3_encrypt_authenticate_memory(idx,
|
||||
key, sizeof(key),
|
||||
nonce, sizeof(nonce),
|
||||
tests[x].aad, tests[x].aadlen,
|
||||
tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
|
||||
tests[x].pt, tests[x].ptlen,
|
||||
outct, outtag, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
@ -194,7 +194,7 @@ int ocb3_test(void)
|
||||
if ((err = ocb3_decrypt_verify_memory(idx,
|
||||
key, sizeof(key),
|
||||
nonce, sizeof(nonce),
|
||||
tests[x].aad, tests[x].aadlen,
|
||||
tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
|
||||
outct, tests[x].ptlen,
|
||||
outct, tests[x].tag, len, &res)) != CRYPT_OK) {
|
||||
return err;
|
||||
@ -212,13 +212,6 @@ int ocb3_test(void)
|
||||
|
||||
#endif /* LTC_OCB3_MODE */
|
||||
|
||||
/* some comments
|
||||
|
||||
-- it's hard to seek
|
||||
-- hard to stream [you can't emit ciphertext until full block]
|
||||
-- The setup is somewhat complicated...
|
||||
*/
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
||||
|
Loading…
Reference in New Issue
Block a user