From 7d418b34b3fe6d49354d5a9ef5a442c387a1bd06 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Wed, 28 Sep 2016 20:17:53 +0200
Subject: [PATCH] Fix GCM counter reuse GCM should error out after processing (2^32)-1 blocks / (2^39)-256 bits
---
 src/encauth/gcm/gcm_process.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c
index 08921dbc..d1f3fd1a 100644
--- a/src/encauth/gcm/gcm_process.c
+++ b/src/encauth/gcm/gcm_process.c
@@ -49,6 +49,11 @@ int gcm_process(gcm_state *gcm,
 return err;
 }
 
+ /* 0xFFFFFFFE0 = ((2^39)-256)/8 */
+ if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) {
+ return CRYPT_INVALID_ARG;
+ }
+
 /* in AAD mode? */
 if (gcm->mode == LTC_GCM_MODE_AAD) {
 /* let's process the AAD */
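Review bot: The added guard in gcm_process compares with `>=`, so a call that brings the running total to exactly 0xFFFFFFFE0 bytes is refused, even though that is the (2^39)-256 bit maximum the comment names (assuming `pttotlen` counts bits, as the `/ 8` implies). This fails safe, but if the full limit is meant to be usable the test would be `> CONST64(0xFFFFFFFE0)`, and either way the comment should state the intent, e.g. `/* refuse once total plaintext would reach ((2^39)-256)/8 = 0xFFFFFFFE0 bytes */`. The check also sits ahead of the `LTC_GCM_MODE_AAD` branch, so on the first call `gcm->buflen` may still hold buffered AAD bytes rather than plaintext, which would over-count by less than one block; that needs confirming against the rest of the function, which starts and ends outside this hunk. Limit exhaustion is reported as the generic `CRYPT_INVALID_ARG`, so the function's header comment should say that this return can mean the key/IV pair has reached its data limit and the caller must start a new IV or key.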