From 79f6b6bb1bcbef2fb783cb43724903dea30377f7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 21 Nov 2022 14:17:03 +0100 Subject: [PATCH] tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() It might happen that the psa_pake_output() function returns elements which are not exactly 32 or 65 bytes as expected, but 1 bytes less. As a consequence, insted of hardcoding the expected value for the length in the output buffer, we write the correct one as obtained from psa_pake_output() Signed-off-by: Valerio Setti --- library/ssl_tls.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c1436c5321..7b51040c46 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8259,20 +8259,27 @@ int mbedtls_psa_ecjpake_write_round( step <= PSA_PAKE_STEP_ZK_PROOF; ++step ) { - /* For each step, prepend 1 byte with the length of the data */ - *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); - output_offset += 1; - + /* + * For each step, prepend 1 byte with the length of the data. + * + * NOTE = psa_pake_output() sometimes output elements which are + * NOT 32 or 65 bytes as expected, but 1 byte less. So, instead + * of hardcoding the expected length, we + * - get the output first + * - then write the length of this output + */ status = psa_pake_output( pake_ctx, step, - buf + output_offset, - len - output_offset, + buf + output_offset + 1, + len - output_offset - 1, &output_len ); if( status != PSA_SUCCESS ) { return( psa_ssl_status_to_mbedtls( status ) ); } - output_offset += output_len; + *(buf + output_offset) = output_len; + + output_offset += output_len + 1; } }