Error handling of ccm associate data length. #3719

Closed
soloicesky opened this issue Sep 27, 2020 · 1 comment · Fixed by #3772
soloicesky commented Sep 27, 2020

I found an issue in the CCM implementation. The code block is as follows:
[image]
I think that, as per your intent, line #178 should be add_len >= 0xFF00;
otherwise, lines #224 to #225 conflict with the standard when aad_len = 0xFF00, because per the standard aad_len should be encoded as six octets, but currently it is 2.
[image]


yanesca commented Sep 28, 2020

Thank you for reporting this bug!

yanesca added the bug label Sep 28, 2020
frestr pushed a commit to frestr/mbedtls that referenced this issue Oct 8, 2020
The CCM specification (NIST SP 800-38C) mandates that the formatting of
the additional data length l(a) changes when it is greater _or equal_ to
2^16 - 2^8 (>= 0xFF00). Since such lengths are not supported in mbed TLS,
the operation should fail in such cases.

This commit fixes an off-by-one error which allowed encryption/decryption
to be executed when l(a) was equal to 0xFF00, resulting in an
incorrect/non-standard length format being used.

Fixes Mbed-TLS#3719.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
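
The length-field rule discussed in this issue, as an added example that is not Mbed TLS code and not part of the original thread: it encodes the associated-data length per NIST SP 800-38C (Appendix A.2.2) and shows that 0xFF00 is the first value needing the six-octet form. The function names are hypothetical, the sample values are constructed, and the ten-octet branch goes beyond the case raised here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not an Mbed TLS function). Writes the SP 800-38C
 * encoding of the associated-data length a into out (10 octets available).
 * Returns the octet count; 0 when a == 0, since the field is then omitted. */
size_t ccm_encode_aad_len(uint64_t a, unsigned char out[10])
{
    size_t n = 0;
    int shift;

    if (a == 0)
        return 0;
    if (a < 0xFF00) {                 /* 0 < a < 2^16 - 2^8: two octets */
        shift = 8;
    } else if (a <= 0xFFFFFFFFu) {    /* 2^16 - 2^8 <= a < 2^32: 0xFF 0xFE + 4 */
        out[n++] = 0xFF;
        out[n++] = 0xFE;
        shift = 24;
    } else {                          /* 2^32 <= a < 2^64: 0xFF 0xFF + 8 */
        out[n++] = 0xFF;
        out[n++] = 0xFF;
        shift = 56;
    }
    for (; shift >= 0; shift -= 8)    /* big-endian length value */
        out[n++] = (unsigned char)(a >> shift);
    return n;
}

/* Hypothetical guard for code that only emits the two-octet form: any length
 * that needs a longer form must be rejected, and that includes 0xFF00. */
int ccm_two_octet_form_ok(uint64_t a)
{
    return a < 0xFF00;
}

int main(void)
{
    const uint64_t samples[] = { 0xFEFF, 0xFF00 };  /* constructed boundary values */
    unsigned char buf[10];

    for (size_t i = 0; i < 2; i++) {
        size_t n = ccm_encode_aad_len(samples[i], buf);
        printf("a=0x%llX: %zu octets, two-octet form ok: %d\n",
               (unsigned long long)samples[i], n,
               ccm_two_octet_form_ok(samples[i]));
    }
    return 0;
}
```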