fix - CCM invalid tag len

Author: karel-m

src/encauth/ccm/ccm_init.c

@@ -29,7 +29,6 @@ int ccm_init(ccm_state *ccm, int cipher,
 
    LTC_ARGCHK(ccm    != NULL);
    LTC_ARGCHK(key    != NULL);
-   LTC_ARGCHK(taglen != 0);
 
    XMEMSET(ccm, 0, sizeof(ccm_state));
 
@@ -41,17 +40,11 @@ int ccm_init(ccm_state *ccm, int cipher,
       return CRYPT_INVALID_CIPHER;
    }
 
-   /* make sure the taglen is even and <= 16 */
-   ccm->taglen = taglen;
-   ccm->taglen &= ~1;
-   if (ccm->taglen > 16) {
-      ccm->taglen = 16;
-   }
-
-   /* can't use < 4 */
-   if (ccm->taglen < 4) {
+   /* make sure the taglen is valid */
+   if (taglen < 4 || taglen > 16 || (taglen % 2) == 1) {
       return CRYPT_INVALID_ARG;
    }
+   ccm->taglen = taglen;
 
    /* schedule key */
    if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ccm->K)) != CRYPT_OK) {

src/encauth/ccm/ccm_memory.c

@@ -80,14 +80,8 @@ int ccm_memory(int cipher,
       return CRYPT_INVALID_CIPHER;
    }
 
-   /* make sure the taglen is even and <= 16 */
-   *taglen &= ~1;
-   if (*taglen > 16) {
-      *taglen = 16;
-   }
-
-   /* can't use < 4 */
-   if (*taglen < 4) {
+   /* make sure the taglen is valid */
+   if (*taglen < 4 || *taglen > 16 || (*taglen % 2) == 1) {
       return CRYPT_INVALID_ARG;
    }
 

src/encauth/ccm/ccm_test.c

@@ -269,8 +269,7 @@ int ccm_test(void)
       err = ccm_memory(idx, key, sizeof(key), NULL, iv, sizeof(iv), NULL, 0,
                        pt, sizeof(ct), ct, invalid_tag, &taglen, CCM_DECRYPT);
       if (err == CRYPT_OK) {
-         fprintf(stderr, "XXX-FIXME ccm_memory should reject invalid tag\n");
-         /* return CRYPT_FAIL_TESTVECTOR; */
+         return CRYPT_FAIL_TESTVECTOR; /* should fail */
       }
    }