Merge pull request #861 from ronald-cron-arm/fix-aead-nonce
psa: aead: Fix invalid output buffer usage in generate_nonce()
commit
5d9f42200f
2 changed files with 11 additions and 2 deletions
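--- a/ChangeLog.d/fix-aead-nonce.txt
+++ b/ChangeLog.d/fix-aead-nonce.txt
@@ -0,0 +1,5 @@
+Security
+* In psa_aead_generate_nonce(), do not read back from the output buffer.
+This fixes a potential policy bypass or decryption oracle vulnerability
+if the output buffer is in memory that is shared with an untrusted
+application.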
@ -3901,6 +3901,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
|
||||||
size_t *nonce_length )
|
size_t *nonce_length )
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
|
||||||
size_t required_nonce_size;
|
size_t required_nonce_size;
|
||||||
|
|
||||||
*nonce_length = 0;
|
*nonce_length = 0;
|
||||||
|
@ -3925,15 +3926,18 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_generate_random( nonce, required_nonce_size );
|
status = psa_generate_random( local_nonce, required_nonce_size );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
status = psa_aead_set_nonce( operation, nonce, required_nonce_size );
|
status = psa_aead_set_nonce( operation, local_nonce, required_nonce_size );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
if( status == PSA_SUCCESS )
|
if( status == PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
memcpy( nonce, local_nonce, required_nonce_size );
|
||||||
*nonce_length = required_nonce_size;
|
*nonce_length = required_nonce_size;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
psa_aead_abort( operation );
|
psa_aead_abort( operation );
|
||||||
|
|
||||||
|
|
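Review bot: The generated nonce is written into `local_nonce[PSA_AEAD_NONCE_MAX_SIZE]` with `required_nonce_size` bytes, but nothing in this hunk bounds `required_nonce_size` by `sizeof( local_nonce )`; whatever check against the caller's `nonce_size` precedes the hunk protects the output buffer, not the new stack array. Both values are derived from the algorithm, so a divergence would be a library bug, but a cheap guard before the random call keeps it from turning into a stack overflow: `if( required_nonce_size > sizeof( local_nonce ) ) { status = PSA_ERROR_CORRUPTION_DETECTED; goto exit; }`. The reason for the local copy is recorded only in the changelog; a why-comment on the declaration would stop the next maintainer from "simplifying" it back into a direct write, e.g. `/* Generate into a local buffer and copy out only on success: the caller's nonce buffer may live in memory shared with an untrusted party, so it must never be read back. */`. The function's trailing `return` falls outside the hunk.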