AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-12-13 12:32:43 +01:00
parent 050ad4bb50
commit e7835d92c1
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
library/cipher.c
View File

@ -1175,6 +1175,12 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Status to return on a non-authenticated algorithm. It would make sense
* to return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT or perhaps
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, but at the time I write this our
* unit tests assume 0. */
ret = 0;
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
@ -1195,9 +1201,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
#endif /* MBEDTLS_GCM_C */
@ -1217,13 +1221,12 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
}
#endif /* MBEDTLS_CHACHAPOLY_C */
return( 0 );
mbedtls_platform_zeroize( check_tag, tag_len );
return( ret );
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */