siv: add more assertions

Make sure the returned tag and key lengths are sane.
2025-12-03 22:45:07 -05:00 · 2020-07-14 17:04:30 +02:00
parent 66e097e3e6
commit 32a82a38fd
2 changed files with 19 additions and 2 deletions
--- a/siv_gnutls.c
+++ b/siv_gnutls.c
@@ -134,11 +134,17 @@ int
 SIV_GetKeyLength(SIV_Algorithm algorithm)
 {
  gnutls_cipher_algorithm_t calgo = get_cipher_algorithm(algorithm);
  int len;
  if (calgo == 0)
    return 0;
-  return gnutls_cipher_get_key_size(calgo);
+  len = gnutls_cipher_get_key_size(calgo);
  if (len < 1 || len > SIV_MAX_KEY_LENGTH)
    LOG_FATAL("Invalid key length");
  return len;
 }
 /* ================================================== */
@@ -177,7 +183,14 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 int
 SIV_GetTagLength(SIV_Instance instance)
 {
-  return gnutls_cipher_get_tag_size(instance->algorithm);
+  int len;
  len = gnutls_cipher_get_tag_size(instance->algorithm);
  if (len < 1 || len > SIV_MAX_TAG_LENGTH)
    LOG_FATAL("Invalid tag length");
  return len;
 }
 /* ================================================== */
--- a/siv_nettle.c
+++ b/siv_nettle.c
@@ -69,6 +69,8 @@ SIV_DestroyInstance(SIV_Instance instance)
 int
 SIV_GetKeyLength(SIV_Algorithm algorithm)
 {
  assert(32 <= SIV_MAX_KEY_LENGTH);
  if (algorithm == AEAD_AES_SIV_CMAC_256)
    return 32;
  return 0;
@@ -92,6 +94,8 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 int
 SIV_GetTagLength(SIV_Instance instance)
 {
  assert(SIV_DIGEST_SIZE <= SIV_MAX_TAG_LENGTH);
  return SIV_DIGEST_SIZE;
 }