From 9bb9b91749c24fb8ecf7b3fb93c4104cc7b2a15c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Thu, 9 Dec 2021 10:22:39 +0100
Subject: [PATCH] Nettle.CCM: Fix handling of authenticated data of lengths
 14-0xfeff.

Thanks to Joshua Rogers for the report and test vector.

Fixes #10074.
---
 src/post_modules/Nettle/cipher.cmod  | 2 +-
 src/post_modules/Nettle/testsuite.in | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/post_modules/Nettle/cipher.cmod b/src/post_modules/Nettle/cipher.cmod
index dd65623b63..053d7f8c69 100644
--- a/src/post_modules/Nettle/cipher.cmod
+++ b/src/post_modules/Nettle/cipher.cmod
@@ -2154,7 +2154,7 @@ PIKECLASS BlockCipher16
 	      memxor(buf[1]+2, ptr, asize);
 	      asize = 0;
 	    } else {
-	      memxor(buf[1], ptr, 14);
+	      memxor(buf[1]+2, ptr, 14);
 	      ptr += 14;
 	      asize -= 14;
 	    }
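Review bot: The corrected `buf[1]+2` on the new line depends on bytes 0-1 of buf[1] already holding the two-byte associated-data length, and nothing in the hunk states that, which is how the offset was lost in the first place; a comment such as `/* buf[1][0..1] carry the 2-byte adata length, so the first MAC block takes only 14 adata bytes starting at offset 2. */` above the else branch would document the layout. The if branch two lines up already uses `buf[1]+2`, so the two branches now agree on where the data goes. The enclosing function starts and ends outside the hunk, so whether the length prefix is written before this point and how lengths of 0xff00 and above are handled cannot be confirmed here. Since the old code produced a wrong tag for that length range, tags emitted by earlier builds for such inputs will not verify against the fixed code, which is worth a line in the release notes.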
diff --git a/src/post_modules/Nettle/testsuite.in b/src/post_modules/Nettle/testsuite.in
index 581efd33ed..d01d416b63 100644
--- a/src/post_modules/Nettle/testsuite.in
+++ b/src/post_modules/Nettle/testsuite.in
@@ -840,6 +840,15 @@ test_aead(Crypto.AES.CCM,
 	"F3 29 05 B8  8A 64 1B 04  B9 C9 FF B5  8C C3 90 90  0F 3D A1 2A  B1",
 	"6D CE 9E 82  EF A1 6D A6  20 59", 10)
 
+dnl Bug #10074 - Broken digest for authenticated data of lengths 14 - 0xfeff.
+test_aead(Crypto.AES.CCM,
+	"1a44f3550688fddbc1e5041dc98952c0",
+	"5d2904298f668ba95eaa1797",
+	"d55908958b70abee81054cdf3d3df5",
+	"",
+	"",
+	"5c71b4f069cfa13b7634db4b13e7be7d")
+
 cond_resolv( Crypto.AES.GCM, [[
   test_eq( Crypto.AES.GCM()->block_size(), 16 )
   test_eq( Crypto.AES.GCM()->key_size(), 0 )
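Review bot: The added vector exercises a single 15-byte associated-data input, while the commit describes a defect spanning lengths 14-0xfeff; a vector at each edge of that range (14 bytes, and a length just below and at the point where the length encoding changes) would pin the branch boundaries rather than one interior point. Expected tags for such vectors would need to come from an independent CCM implementation, not from this code, so they are not reproduced here. The `dnl Bug #10074` line gives the issue reference, which is good; appending the source of the vector (the report credited in the commit message) would make the test self-explaining, e.g. `dnl Bug #10074 - Broken digest for authenticated data of lengths 14 - 0xfeff (vector from the issue report).`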
-- 
GitLab