From 28ccbe57ccb4c2112cf0839e80d3faa4723cd8de Mon Sep 17 00:00:00 2001
From: Zhi Guan
Date: Sun, 31 Jul 2022 18:08:46 +0800
Subject: [PATCH] Add args checking to GCM mode
---
 include/gmssl/aes.h | 2 ++
 include/gmssl/sm4.h | 2 ++
 src/aes_modes.c | 5 +++++
 src/sm4_modes.c | 5 +++++
 4 files changed, 14 insertions(+)
diff --git a/include/gmssl/aes.h b/include/gmssl/aes.h
index 8521f5b2..6f73ae48 100644
--- a/include/gmssl/aes.h
+++ b/include/gmssl/aes.h
@@ -112,6 +112,8 @@ void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE],
 #define AES_GCM_MIN_PLAINTEXT_SIZE 0
 #define AES_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
+#define AES_GCM_MAX_TAG_SIZE 16
+
 int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen, const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, uint8_t *out, size_t taglen, uint8_t *tag);
diff --git a/include/gmssl/sm4.h b/include/gmssl/sm4.h
index 31b2f916..5327e82d 100644
--- a/include/gmssl/sm4.h
+++ b/include/gmssl/sm4.h
@@ -121,6 +121,8 @@ void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE],
 #define SM4_GCM_MIN_PLAINTEXT_SIZE 0
 #define SM4_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
+#define SM4_GCM_MAX_TAG_SIZE 16
+
 int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen, const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, uint8_t *out, size_t taglen, uint8_t *tag);
diff --git a/src/aes_modes.c b/src/aes_modes.c
index 951640f9..3461bccb 100644
--- a/src/aes_modes.c
+++ b/src/aes_modes.c
@@ -170,6 +170,11 @@ int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
 uint8_t Y[16];
 uint8_t T[16];
+ if (taglen > AES_GCM_MAX_TAG_SIZE) {
+ error_print();
+ return -1;
+ }
+
 aes_encrypt(key, H, H);
 if (ivlen == 12) {
diff --git a/src/sm4_modes.c b/src/sm4_modes.c
index b04991e0..5ffab168 100644
--- a/src/sm4_modes.c
+++ b/src/sm4_modes.c
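Review bot: The guard added to aes_gcm_encrypt in src/aes_modes.c bounds `taglen` only from above, so `taglen == 0` or a tag of one or two bytes still passes, which presumably produces output with little or no authentication. NIST SP 800-38D allows 12- to 16-byte tags in general and 4 or 8 bytes only for restricted uses, so a lower bound belongs in the same test, e.g. `if (taglen < AES_GCM_MIN_TAG_SIZE || taglen > AES_GCM_MAX_TAG_SIZE) {` with a new `AES_GCM_MIN_TAG_SIZE` defined next to the maximum in aes.h. The sm4_gcm_encrypt hunk in src/sm4_modes.c has the same gap. The diffstat shows five added lines per .c file, all in the encrypt functions, so any GCM decrypt routine in these files gets no `taglen` check from this commit; it needs the same bounds before the received tag is compared against the 16-byte `T`. Both function bodies continue outside their hunks.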
@@ -166,6 +166,11 @@ int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
 uint8_t Y[16];
 uint8_t T[16];
+ if (taglen > SM4_GCM_MAX_TAG_SIZE) {
+ error_print();
+ return -1;
+ }
+
 sm4_encrypt(key, H, H);
 if (ivlen == 12) {