gnutls_aead_cipher_decrypt() doesn't check plaintext length
Description of problem:
I was testing a code using the new AES-SIV-CMAC support in gnutls and I noticed an unexpected behavior of gnutls_aead_cipher_decrypt()
. The documentation says about ptext_len
that it "initially must hold the maximum available size", which indicates it's not just an output parameter and the function is supposed to check the plaintext length. But it seems that it decrypts the data even when the initial ptext_len
is shorter than ctext_len - tag_len
.
Version of gnutls used:
3.6.14
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora