yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-24 22:46:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix safe output length in hash and mac finish

Browse source 
In psa_hash_finish and psa_mac_finish_internal, set the fallback
output length (which is reported on error) to the output buffer size,
not to the _expected_ buffer size which could be larger.
This commit is contained in:
Gilles Peskine 2018-07-02 12:15:28 +02:00 committed by itayzafrir
parent 02b750781f
commit aee13338b3
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
library/psa_crypto.c
View file

@ -1013,7 +1013,7 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
/* Fill the output buffer with something that isn't a valid hash /* Fill the output buffer with something that isn't a valid hash
* (barring an attack on the hash and deliberately-crafted input), * (barring an attack on the hash and deliberately-crafted input),
* in case the caller doesn't check the return status properly. */ * in case the caller doesn't check the return status properly. */
*hash_length = actual_hash_length; *hash_length = hash_size;
/* If hash_size is 0 then hash may be NULL and then the /* If hash_size is 0 then hash may be NULL and then the
* call to memset would have undefined behavior. */ * call to memset would have undefined behavior. */
if( hash_size != 0 ) if( hash_size != 0 )
@ -1068,6 +1068,7 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
if( ret == 0 ) if( ret == 0 )
{ {
*hash_length = actual_hash_length;
return( psa_hash_abort( operation ) ); return( psa_hash_abort( operation ) );
} }
else else
@ -1517,7 +1518,7 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
/* Fill the output buffer with something that isn't a valid mac /* Fill the output buffer with something that isn't a valid mac
* (barring an attack on the mac and deliberately-crafted input), * (barring an attack on the mac and deliberately-crafted input),
* in case the caller doesn't check the return status properly. */ * in case the caller doesn't check the return status properly. */
*mac_length = operation->mac_size; *mac_length = mac_size;
/* If mac_size is 0 then mac may be NULL and then the /* If mac_size is 0 then mac may be NULL and then the
* call to memset would have undefined behavior. */ * call to memset would have undefined behavior. */
if( mac_size != 0 ) if( mac_size != 0 )
@ -1583,6 +1584,7 @@ cleanup:
if( ret == 0 && status == PSA_SUCCESS ) if( ret == 0 && status == PSA_SUCCESS )
{ {
*mac_length = operation->mac_size;
return( psa_mac_abort( operation ) ); return( psa_mac_abort( operation ) );
} }
else else