
Commit 283047b

Address out-of-bounds read issue in TGCM by explicitly specifying ciphertext's size in CalcGaloisHash.
1 parent 33e397c commit 283047b

1 file changed

+16
-10
lines changed

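--- a/Source/DECCipherModesGCM.pas
+++ b/Source/DECCipherModesGCM.pas
@@ -232,10 +232,14 @@ TGCM = class(TObject)
 /// <param name="Ciphertext">
 /// Encrypted data used in the calculation
 /// </param>
+/// <param name="CiphertextSize">
+/// Length of the ciphertext in bytes. Use when reading part of array.
+/// </param>
 /// <returns>
 /// Calculated raw hash value which will later get returned as AuthenticatedTag
 /// </returns>
-function CalcGaloisHash(AuthenticatedData, Ciphertext: TBytes): T128;
+function CalcGaloisHash(AuthenticatedData, Ciphertext : TBytes; CiphertextSize:
+Integer): T128;
 
 /// <summary>
 /// Encrypts a T128 value using the encryption method specified on init
@@ -518,23 +522,24 @@ procedure TGCM.Init(EncryptionMethod : TEncodeDecodeMethod;
 b^ := 1;
 end
 else
-FY := CalcGaloisHash(nil, InitVector);
+FY := CalcGaloisHash(nil, InitVector, length(InitVector));
 
 FEncryptionMethod(@FY[0], @FE_K_Y0[0], 16);
 end;
 
-function TGCM.CalcGaloisHash(AuthenticatedData, Ciphertext : TBytes): T128;
+function TGCM.CalcGaloisHash(AuthenticatedData, Ciphertext : TBytes;
+CiphertextSize: Integer): T128;
 var
 AuthCipherLength : T128;
 x : T128;
 n : Uint64;
 
-procedure encode(data : TBytes);
+procedure encode(data : TBytes; dataSize: Integer);
 var
 i, mod_d, div_d, len_d : UInt64;
 hdata : T128;
 begin
-len_d := length(data);
+len_d := dataSize;
 if (len_d > 0) then
 begin
 n := 0;
@@ -565,9 +570,10 @@ function TGCM.CalcGaloisHash(AuthenticatedData, Ciphertext : TBytes): T128;
 
 begin
 x := nullbytes;
-encode(AuthenticatedData);
-encode(Ciphertext);
-SetAuthenticationCipherLength(AuthCipherLength, length(AuthenticatedData) shl 3, length(ciphertext) shl 3);
+encode(AuthenticatedData, length(AuthenticatedData));
+Assert(length(Ciphertext) >= CiphertextSize);
+encode(Ciphertext, CiphertextSize);
+SetAuthenticationCipherLength(AuthCipherLength, length(AuthenticatedData) shl 3, CiphertextSize shl 3);
 
 Result := poly_mult_H(XOR_T128(AuthCipherLength, x));
 end;
@@ -598,7 +604,7 @@ procedure TGCM.DecodeGCM(Source, Dest: TBytes; Size: Integer);
 XOR_ArrayWithT128(Source, i, UInt64(Size)-i, EncodeT128(FY), Dest);
 end;
 
-a_tag := XOR_T128(CalcGaloisHash(DataToAuthenticate, Source), FE_K_Y0);
+a_tag := XOR_T128(CalcGaloisHash(DataToAuthenticate, Source, Size), FE_K_Y0);
 
 Setlength(FCalcAuthenticationTag, FCalcAuthenticationTagLength);
 Move(a_tag[0], FCalcAuthenticationTag[0], FCalcAuthenticationTagLength);
@@ -642,7 +648,7 @@ procedure TGCM.EncodeGCM(Source, Dest: TBytes; Size: Integer);
 XOR_ArrayWithT128(Source, i, UInt64(Size)-i, EncodeT128(FY), Dest);
 end;
 
-AuthTag := XOR_T128(CalcGaloisHash(DataToAuthenticate, Dest), FE_K_Y0);
+AuthTag := XOR_T128(CalcGaloisHash(DataToAuthenticate, Dest, Size), FE_K_Y0);
 Setlength(FCalcAuthenticationTag, FCalcAuthenticationTagLength);
 Move(AuthTag[0], FCalcAuthenticationTag[0], FCalcAuthenticationTagLength);
 end;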
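Review bot: The bounds check added in `TGCM.CalcGaloisHash` (new line 574) is an `Assert`, which Delphi compiles out when assertions are disabled (`{$C-}`, common in release builds), so the out-of-bounds read this commit targets would still be reachable there; it also passes for a negative `CiphertextSize`, which `encode` then assigns to the `UInt64` `len_d`. I would make it an unconditional check, e.g. `if (CiphertextSize < 0) or (CiphertextSize > length(Ciphertext)) then raise EArgumentOutOfRangeException.Create('CiphertextSize out of range');`, or use the unit's own exception class if it has one. `DecodeGCM` and `EncodeGCM` forward the caller's `Size` unchanged, so this is the only place visible here where the value is validated. Separately, `CiphertextSize shl 3` is now evaluated on an `Integer` and may wrap for very large inputs where `length(ciphertext) shl 3` might not have on 64-bit targets; that is worth confirming against the parameter type of `SetAuthenticationCipherLength`. The bodies of `encode` and `CalcGaloisHash` are only partly visible in these hunks.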
