Fix off-by-one in iv_off check and add tests

2025-12-21 21:36:21 +01:00 · 2018-12-18 12:09:02 +01:00 · 2018-12-18 12:09:02 +01:00 · e55e103bfe
commit e55e103bfe
parent 5b89c09273
2 changed files with 16 additions and 2 deletions
--- a/library/aes.c
+++ b/library/aes.c
@ -1298,7 +1298,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,

    n = *iv_off;

-    if( n > 16 )
+    if( n > 15 )
        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );

    if( mode == MBEDTLS_AES_DECRYPT )
@ -1394,7 +1394,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,

    n = *iv_off;

-    if( n > 16 )
+    if( n > 15 )
        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );

    while( length-- )