Fix possible buffer overread in psa_mac_finish_internal (CMAC)

This commit is contained in:
Gilles Peskine 2018-08-21 14:55:49 +02:00
parent 6d72ff9e79
commit 87b0ac49f8

View file

@ -1738,7 +1738,7 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
uint8_t tmp[PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE]; uint8_t tmp[PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE];
int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp ); int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
if( ret == 0 ) if( ret == 0 )
memcpy( mac, tmp, mac_size ); memcpy( mac, tmp, operation->mac_size );
mbedtls_zeroize( tmp, sizeof( tmp ) ); mbedtls_zeroize( tmp, sizeof( tmp ) );
return( mbedtls_to_psa_error( ret ) ); return( mbedtls_to_psa_error( ret ) );
} }