OCBv3: ocb3_init taglen check

2017-08-07 18:14:19 +02:00 · 2017-08-07 18:14:19 +02:00 · f647baa778
commit f647baa778
parent af63d0a55f
2 changed files with 9 additions and 4 deletions
--- a/src/encauth/ocb3/ocb3_init.c
+++ b/src/encauth/ocb3/ocb3_init.c
@ -114,9 +114,14 @@ int ocb3_init(ocb3_state *ocb, int cipher,
      return CRYPT_INVALID_ARG;
   }

-   /* Make sure taglen isn't too long */
-   if (taglen > (unsigned long)cipher_descriptor[cipher].block_length) {
-      taglen = cipher_descriptor[cipher].block_length;
+   /* The blockcipher must have a 128-bit blocksize */
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* The TAGLEN may be any value up to 128 (bits) */
+   if (taglen > 16) {
+      return CRYPT_INVALID_ARG;
   }
   ocb->tag_len = taglen;

--- a/src/encauth/ocb3/ocb3_test.c
+++ b/src/encauth/ocb3/ocb3_test.c
@ -215,7 +215,7 @@ int ocb3_test(void)
    }

    for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
-        len = sizeof(outtag);
+        len = 16; /* must be the same as the required taglen */
        if ((err = ocb3_encrypt_authenticate_memory(idx,
                                                   key, sizeof(key),
                                                   nonce, sizeof(nonce),