commit d534cfa787cfa077b24e949b19749bd5c6e89a80 (tree)
parent ef7f828338604415549c4ad886358786fdf16c02
Author: Andrew Kelley <andrew@ziglang.org>
Date: Fri, 29 May 2026 05:51:20 +0200
Merge pull request 'std.crypto.aes-siv: Add an assertion for the number of AD inputs' (#31977) from jedisct1/zig:associated-data-vector-length-can-overrun-fixed-stack-buffer into master
Reviewed-on: https://codeberg.org/ziglang/zig/pulls/31977
Reviewed-by: Andrew Kelley <andrew@ziglang.org>
Diffstat:
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/std/crypto/aes_siv.zig b/lib/std/crypto/aes_siv.zig
@@ -226,9 +226,10 @@ fn AesSiv(comptime Aes: anytype) type {
/// Encrypts plaintext with multiple associated data components.
/// This is the most general form of AES-SIV encryption that accepts
- /// an arbitrary vector of associated data strings as specified in RFC 5297.
+ /// a vector of up to 126 associated data strings as specified in RFC 5297.
pub fn encryptWithAdVector(c: []u8, tag: *[tag_length]u8, m: []const u8, ad: []const []const u8, key: [key_length]u8) void {
debug.assert(c.len == m.len);
+ debug.assert(ad.len <= 126); // AES-SIV supports at most 126 associated data components
// Split key into K1 (for S2V) and K2 (for CTR)
const k1 = key[0 .. Aes.key_bits / 8];
@@ -260,9 +261,10 @@ fn AesSiv(comptime Aes: anytype) type {
/// Decrypts ciphertext with multiple associated data components.
/// This is the most general form of AES-SIV decryption that accepts
- /// an arbitrary vector of associated data strings as specified in RFC 5297.
+ /// a vector of up to 126 associated data strings as specified in RFC 5297.
pub fn decryptWithAdVector(m: []u8, c: []const u8, tag: [tag_length]u8, ad: []const []const u8, key: [key_length]u8) AuthenticationError!void {
assert(c.len == m.len);
+ assert(ad.len <= 126); // AES-SIV supports at most 126 associated data components
// Split key into K1 (for S2V) and K2 (for CTR)
const k1 = key[0 .. Aes.key_bits / 8];
