mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-12-13 12:32:43 +01:00
parent 1c68ba1afd
commit dc269bbd08

View file

@ -1125,6 +1125,12 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Status to return on a non-authenticated algorithm. It would make sense
* to return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT or perhaps
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, but at the time I write this our
* unit tests assume 0. */
ret = 0;
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
@ -1140,9 +1146,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
#endif /* MBEDTLS_GCM_C */
@ -1162,13 +1166,12 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
#endif /* MBEDTLS_CHACHAPOLY_C */
return( 0 );
mbedtls_platform_zeroize( check_tag, tag_len );
return( ret );
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */