iv-gen: Fail getting shorter IV values than the used counter size

While no algorithm actually uses such short IVs, we add a check here to ensure we won't return just the lower bits of the counter.
author: Martin Willi <martin@revosec.ch> 2015-04-17 16:16:45 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2015-06-01 09:42:10 +0200
commit: ef31254d342d23cfbeb1b0030c9c6293545fca9d (patch)
tree: 0a37377c878af7b22a796b209eeb92cb743ff8b6 /src/libstrongswan/crypto/iv
parent: d0ed1079103334680b1b775b5217709cd26d6ab6 (diff)
download: strongswan-ef31254d342d23cfbeb1b0030c9c6293545fca9d.tar.bz2
strongswan-ef31254d342d23cfbeb1b0030c9c6293545fca9d.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c
index 70f1fce38..4de13744d 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_seq.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c
@@ -53,6 +53,10 @@ METHOD(iv_gen_t, get_iv, bool,
 	{
 		return FALSE;
 	}
+	if (size < sizeof(u_int64_t))
+	{
+		return FALSE;
+	}
 	if (this->prev != SEQ_IV_INIT_STATE && seq <= this->prev)
 	{
 		return FALSE;
author	Martin Willi <martin@revosec.ch>	2015-04-17 16:16:45 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2015-06-01 09:42:10 +0200
commit	ef31254d342d23cfbeb1b0030c9c6293545fca9d (patch)
tree	0a37377c878af7b22a796b209eeb92cb743ff8b6 /src/libstrongswan/crypto/iv
parent	d0ed1079103334680b1b775b5217709cd26d6ab6 (diff)
download	strongswan-ef31254d342d23cfbeb1b0030c9c6293545fca9d.tar.bz2 strongswan-ef31254d342d23cfbeb1b0030c9c6293545fca9d.tar.xz