From 607aa6fbcd6d007dd250bddce4267d3e5e893e06 Mon Sep 17 00:00:00 2001
From: Alexandre Abadie <alexandre.abadie@inria.fr>
Date: Wed, 6 Nov 2019 12:14:05 +0100
Subject: [PATCH] sys/crypto/ocb: fix max data condition

---
 sys/crypto/modes/ocb.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sys/crypto/modes/ocb.c b/sys/crypto/modes/ocb.c
index d7d0b6840e..e9dcf26a66 100644
--- a/sys/crypto/modes/ocb.c
+++ b/sys/crypto/modes/ocb.c
@@ -319,8 +319,7 @@ int32_t cipher_decrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
                            uint8_t tag_len, uint8_t *nonce, size_t nonce_len,
                            uint8_t *input, size_t input_len, uint8_t *output)
 {
-
-    if (input_len - tag_len > INT32_MAX) {
+    if (input_len > (uint32_t)(INT32_MAX + tag_len)) {
         // We would not be able to return the proper output length for data this long
         return OCB_ERR_INVALID_DATA_LENGTH;
     }