From f337850738ca8d77dd0d31514fdb451381f6bd38 Mon Sep 17 00:00:00 2001
From: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Date: Mon, 9 Aug 2021 11:32:11 +0200
Subject: [PATCH] Use const size buffer for local output in CCM decryption.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
---
 include/mbedtls/ccm.h |  2 --
 library/ccm.c         | 28 +++-------------------------
 2 files changed, 3 insertions(+), 27 deletions(-)

diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 06aa6a8884..c903e68fd3 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -61,8 +61,6 @@
 #define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D
 /** Authenticated decryption failed. */
 #define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F
-/** Memory allocation failed */
-#define MBEDTLS_ERR_CCM_ALLOC_FAILED    -0x0011
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/library/ccm.c b/library/ccm.c
index 20e9414acc..13582d2a0e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -43,9 +43,6 @@
 #include <stdio.h>
 #define mbedtls_printf printf
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
 #endif /* MBEDTLS_PLATFORM_C */
 
 #if !defined(MBEDTLS_CCM_ALT)
@@ -337,8 +334,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
     unsigned char i;
     size_t use_len, offset, olen;
 
-    const size_t local_output_len = input_len;
-    unsigned char* local_output = NULL;
+    unsigned char local_output[16];
 
     if( ctx->state & CCM_STATE__ERROR )
     {
@@ -350,19 +346,6 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    /* Local output is used for decryption only. */
-    if( local_output_len > 0 && \
-        ( ctx->mode == MBEDTLS_CCM_DECRYPT || \
-          ctx->mode == MBEDTLS_CCM_STAR_DECRYPT ) )
-    {
-        local_output = mbedtls_calloc( local_output_len, sizeof( *local_output) );
-        if( local_output == NULL )
-        {
-            ctx->state |= CCM_STATE__ERROR;
-            return MBEDTLS_ERR_CCM_ALLOC_FAILED;
-        }
-    }
-
     if( output_size < input_len )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
     *output_len = input_len;
@@ -414,7 +397,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
                 ctx->y[i + offset] ^= local_output[i];
 
             memcpy( output, local_output, use_len );
-            mbedtls_platform_zeroize( local_output, local_output_len );
+            mbedtls_platform_zeroize( local_output, 16 );
 
             if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
             {
@@ -439,12 +422,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
     }
 
 exit:
-    if( ctx->mode == MBEDTLS_CCM_DECRYPT || \
-        ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
-    {
-        mbedtls_platform_zeroize( local_output, local_output_len );
-        mbedtls_free( local_output );
-    }
+    mbedtls_platform_zeroize( local_output, 16 );
 
     return ret;
 }