mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-28 00:35:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add safety check to chachapoly finish

Browse Source 
Previous code checked that the buffer was big enough for the tag size
for the given algorithm, however chachapoly finish expects a 16 byte
buffer passed in, no matter what. If we start supporting smaller
chachapoly tags in the future, this could potentially end up in buffer
overflow, so add a safety check.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2021-07-22 18:48:24 +01:00
parent 2fe5db87d5
commit ed08cf884a
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
library/psa_crypto_aead.c
View File

@ -633,9 +633,18 @@ psa_status_t mbedtls_psa_aead_finish(
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
{
/* Belt and braces. Although the above tag_size check should have
* already done this, if we later start supporting smaller tag sizes
* for chachapoly, then passing a tag buffer smaller than 16 into here
* could cause a buffer overflow, so better safe than sorry. */
if( tag_size < 16 )
return( PSA_ERROR_BUFFER_TOO_SMALL );
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_chachapoly_finish( &operation->ctx.chachapoly, mbedtls_chachapoly_finish( &operation->ctx.chachapoly,
tag ) ); tag ) );
}
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
{ {