Fix additional data length field check for CCM The CCM specification (NIST SP 800-38C) mandates that the formatting of the additional data length l(a) changes when it is greater _or equal_ to 2^16 - 2^8 (>= 0xFF00). Since such lengths are not supported in mbed TLS, the operation should fail in such cases. This commit fixes an off-by-one error which allowed encryption/decryption to be executed when l(a) was equal to 0xFF00, resulting in an incorrect/non-standard length format being used. Fixes #3719. Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>

commit: 5e940c6068c652b6fcb32f7393e80689561255fe [log] [tgz]
author: Fredrik Strupe <fredrik.strupe@silabs.com> Thu Oct 08 11:52:50 2020 +0200
committer: Fredrik Strupe <fredrik.strupe@silabs.com> Thu Oct 08 12:09:44 2020 +0200
tree: a454a906e2f44d745d0d137300414e19cd80d45e
parent: 7829748cd49f64c4bfdf534b452268aeab828498 [diff] [blame]
diff --git a/library/ccm.c b/library/ccm.c
index e6ca588..424ee77 100644
--- a/library/ccm.c
+++ b/library/ccm.c

@@ -175,7 +175,7 @@
     if( iv_len < 7 || iv_len > 13 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
-    if( add_len > 0xFF00 )
+    if( add_len >= 0xFF00 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
     q = 16 - 1 - (unsigned char) iv_len;
commit	5e940c6068c652b6fcb32f7393e80689561255fe	[log] [tgz]
author	Fredrik Strupe <fredrik.strupe@silabs.com>	Thu Oct 08 11:52:50 2020 +0200
committer	Fredrik Strupe <fredrik.strupe@silabs.com>	Thu Oct 08 12:09:44 2020 +0200
tree	a454a906e2f44d745d0d137300414e19cd80d45e
parent	7829748cd49f64c4bfdf534b452268aeab828498 [diff] [blame]