yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-13 18:55:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

psa: mac: Improve MAC finalization code

Browse source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-06-18 13:05:48 +02:00
parent dbb8646c2c
commit 882eb780fb
1 changed files with 22 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
library/psa_crypto.c
View file

@ -2463,24 +2463,22 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
mac, operation->mac_size, mac, operation->mac_size,
mac_length ); mac_length );
if( status == PSA_SUCCESS ) /* In case of success, set the potential excess room in the output buffer
* to an invalid value, to avoid potentially leaking a longer MAC.
* In case of error, set the output length and content to a safe default,
* such that in case the caller misses an error check, the output would be
* an unachievable MAC.
*/
if( status != PSA_SUCCESS )
{ {
/* Set the excess room in the output buffer to an invalid value, to
* avoid potentially leaking a longer MAC. */
if( mac_size > operation->mac_size )
memset( &mac[operation->mac_size],
'!',
mac_size - operation->mac_size );
}
else
{
/* Set the output length and content to a safe default, such that in
* case the caller misses an error check, the output would be an
* unachievable MAC. */
*mac_length = mac_size; *mac_length = mac_size;
memset( mac, '!', mac_size ); operation->mac_size = 0;
} }
if( mac_size > operation->mac_size )
memset( &mac[operation->mac_size], '!',
mac_size - operation->mac_size );
abort_status = psa_mac_abort( operation ); abort_status = psa_mac_abort( operation );
return( status == PSA_SUCCESS ? abort_status : status ); return( status == PSA_SUCCESS ? abort_status : status );
@ -2555,23 +2553,19 @@ psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
mac, operation_mac_size, mac_length ); mac, operation_mac_size, mac_length );
exit: exit:
if( status == PSA_SUCCESS ) /* In case of success, set the potential excess room in the output buffer
* to an invalid value, to avoid potentially leaking a longer MAC.
* In case of error, set the output length and content to a safe default,
* such that in case the caller misses an error check, the output would be
* an unachievable MAC.
*/
if( status != PSA_SUCCESS )
{ {
/* Set the excess room in the output buffer to an invalid value, to
* avoid potentially leaking a longer MAC. */
if( mac_size > operation_mac_size )
memset( &mac[operation_mac_size],
'!',
mac_size - operation_mac_size );
}
else
{
/* Set the output length and content to a safe default, such that in
* case the caller misses an error check, the output would be an
* unachievable MAC. */
*mac_length = mac_size; *mac_length = mac_size;
memset( mac, '!', mac_size ); operation_mac_size = 0;
} }
if( mac_size > operation_mac_size )
memset( &mac[operation_mac_size], '!', mac_size - operation_mac_size );
unlock_status = psa_unlock_key_slot( slot ); unlock_status = psa_unlock_key_slot( slot );