mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 19:51:12 +00:00
Fix possible error code mangling in psa_mac_verify_finish
If psa_mac_finish_internal fails (which can only happen due to bad parameters or hardware problem), the error code was converted to PSA_ERROR_INVALID_SIGNATURE if the uninitialized stack variable actual_mac happened to contain the expected MAC. This is a minor bug but it may be possible to leverage it as part of a longer attack path in some scenarios. Reported externally. Found by static analysis.
This commit is contained in:
parent
448d1cc854
commit
28cd41676e
|
@ -3030,6 +3030,8 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
|
||||||
|
|
||||||
status = psa_mac_finish_internal( operation,
|
status = psa_mac_finish_internal( operation,
|
||||||
actual_mac, sizeof( actual_mac ) );
|
actual_mac, sizeof( actual_mac ) );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
|
if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
|
||||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||||
|
|
Loading…
Reference in a new issue