From 32a82a38fddf5829fe0d40e173d7fa76fcaf412a Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Tue, 14 Jul 2020 17:04:30 +0200
Subject: [PATCH] siv: add more assertions

Make sure the returned tag and key lengths are sane.
---
 siv_gnutls.c | 17 +++++++++++++++--
 siv_nettle.c |  4 ++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/siv_gnutls.c b/siv_gnutls.c
index d909acb..bc93f01 100644
--- a/siv_gnutls.c
+++ b/siv_gnutls.c
@@ -134,11 +134,17 @@ int
 SIV_GetKeyLength(SIV_Algorithm algorithm)
 {
   gnutls_cipher_algorithm_t calgo = get_cipher_algorithm(algorithm);
+  int len;
 
   if (calgo == 0)
     return 0;
 
-  return gnutls_cipher_get_key_size(calgo);
+  len = gnutls_cipher_get_key_size(calgo);
+
+  if (len < 1 || len > SIV_MAX_KEY_LENGTH)
+    LOG_FATAL("Invalid key length");
+
+  return len;
 }
 
 /* ================================================== */
@@ -177,7 +183,14 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 int
 SIV_GetTagLength(SIV_Instance instance)
 {
-  return gnutls_cipher_get_tag_size(instance->algorithm);
+  int len;
+
+  len = gnutls_cipher_get_tag_size(instance->algorithm);
+
+  if (len < 1 || len > SIV_MAX_TAG_LENGTH)
+    LOG_FATAL("Invalid tag length");
+
+  return len;
 }
 
 /* ================================================== */
diff --git a/siv_nettle.c b/siv_nettle.c
index a08a8d1..43a84b8 100644
--- a/siv_nettle.c
+++ b/siv_nettle.c
@@ -69,6 +69,8 @@ SIV_DestroyInstance(SIV_Instance instance)
 int
 SIV_GetKeyLength(SIV_Algorithm algorithm)
 {
+  assert(32 <= SIV_MAX_KEY_LENGTH);
+
   if (algorithm == AEAD_AES_SIV_CMAC_256)
     return 32;
   return 0;
@@ -92,6 +94,8 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 int
 SIV_GetTagLength(SIV_Instance instance)
 {
+  assert(SIV_DIGEST_SIZE <= SIV_MAX_TAG_LENGTH);
+
   return SIV_DIGEST_SIZE;
 }
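Review bot: In SIV_GetKeyLength the result of gnutls_cipher_get_key_size(), which returns size_t, is narrowed into `int len` before the new range check runs, so any value above INT_MAX is converted (implementation-defined result) before `len < 1 || len > SIV_MAX_KEY_LENGTH` ever sees it; the check happens to reject a negative result, but the intent is clearer, and free of a narrowing warning, if the comparison is done in the unsigned type and the cast follows it: `size_t size = gnutls_cipher_get_key_size(calgo);` / `if (size < 1 || size > SIV_MAX_KEY_LENGTH) LOG_FATAL("Invalid key length");` / `return (int)size;`. The same applies to gnutls_cipher_get_tag_size() in the SIV_GetTagLength hunk of the same file. Whether the build enables -Wconversion cannot be told from the diff, so this is partly a point of style.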
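Review bot: The new `assert(32 <= SIV_MAX_KEY_LENGTH)` in the nettle SIV_GetKeyLength compares two compile-time constants at run time, so it costs a check on every call and disappears entirely when NDEBUG is defined, which is the configuration where a relation like this is least likely to be noticed if it breaks. If the project builds as C11, `_Static_assert(32 <= SIV_MAX_KEY_LENGTH, "SIV_MAX_KEY_LENGTH too small");` at file scope enforces the same relation at compile time in every configuration; the `SIV_DIGEST_SIZE <= SIV_MAX_TAG_LENGTH` assert in the SIV_GetTagLength hunk of the same file is the same case. The literal 32 is also repeated in `return 32;` two lines below, so a named constant would keep the assertion and the returned value from drifting apart.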