Getting an HMAC too long to fit our array is a programming error. It
should always be 64 bytes exactly.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
NTSTATUS status;
int rc;
+ /*
+ * We don't want to overflow 'pauth_tag', which is 64 bytes in
+ * size.
+ */
+ SMB_ASSERT(hmac_size == 64);
+
if (plaintext->length == 0 || cek->length == 0 ||
key_salt->length == 0 || mac_salt->length == 0 || iv->length == 0) {
return NT_STATUS_INVALID_PARAMETER;
* TODO: Use gnutls_cipher_encrypt3()
*/
- if (hmac_size > 64) {
- /*
- * We don't want to overflow 'pauth_tag', which is 64 bytes in
- * size.
- */
- return NT_STATUS_INVALID_BUFFER_SIZE;
- }
-
if (plaintext->length + aes_block_size < plaintext->length) {
return NT_STATUS_INVALID_BUFFER_SIZE;
}