From 3a16e014f209d754586d3fac23f9856830a1a4e9 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Fri, 21 May 2021 18:03:15 +0100
Subject: [PATCH] Ensure tag lengths match in verification

Signed-off-by: Paul Elliott
---
 library/psa_crypto_aead.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index d585c59f6..0e7ca63c5 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -733,8 +733,8 @@ psa_status_t mbedtls_psa_aead_verify(
 {
 *plaintext_length = finish_output_size;
- if( do_tag_check &&
- mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 )
+ if( do_tag_check && ( tag_length != operation->tag_length ||
+ mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) )
 status = PSA_ERROR_INVALID_SIGNATURE;
 }
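Review bot: `*plaintext_length = finish_output_size;` is still assigned before the tag check, so when the new condition sets `PSA_ERROR_INVALID_SIGNATURE` the caller gets a non-zero output length for data that failed authentication, unless code after this hunk resets it (the body of `mbedtls_psa_aead_verify` starts and ends outside the hunk). Consider bracing the failure branch and clearing the length there: `{ status = PSA_ERROR_INVALID_SIGNATURE; *plaintext_length = 0; }`. The added `tag_length != operation->tag_length` test also deserves a short comment, because the order of the two operands matters: `/* Check the length first: a shorter caller-supplied tag_length would otherwise compare only a prefix of the computed tag. */`. Since the length mismatch is known from the arguments alone, it could presumably also be rejected before the finish step runs, but that part of the function is not visible here.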