yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 20:01:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls_cipher_check_tag: jump on error for more robustness to refactoring

Browse source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-12-13 16:57:47 +01:00
parent 622d80453b
commit f9a0501683
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
library/cipher.c
View file

@ -1146,7 +1146,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */ /* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 ) if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
{
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto exit;
}
} }
#endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_GCM_C */
@ -1166,10 +1169,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */ /* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 ) if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
{
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto exit;
}
} }
#endif /* MBEDTLS_CHACHAPOLY_C */ #endif /* MBEDTLS_CHACHAPOLY_C */
exit:
mbedtls_platform_zeroize( check_tag, tag_len ); mbedtls_platform_zeroize( check_tag, tag_len );
return( ret ); return( ret );
} }