yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

psa: aead: Fix invalid output buffer usage in generate_nonce()

Browse source 
Don't use the output buffer in psa_aead_generate_nonce()
to pass the generated nonce to the driver as a local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-11-26 18:53:58 +01:00
parent 74217ee03c
commit cae5909053
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
library/psa_crypto.c
View file

@ -3868,6 +3868,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
size_t *nonce_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
size_t required_nonce_size;
*nonce_length = 0;
@ -3892,15 +3893,24 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
goto exit;
}
status = psa_generate_random( nonce, required_nonce_size );
if( required_nonce_size > sizeof( local_nonce ) )
{
status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
status = psa_generate_random( local_nonce, required_nonce_size );
if( status != PSA_SUCCESS )
goto exit;
status = psa_aead_set_nonce( operation, nonce, required_nonce_size );
status = psa_aead_set_nonce( operation, local_nonce, required_nonce_size );
exit:
if( status == PSA_SUCCESS )
{
memcpy( nonce, local_nonce, required_nonce_size );
*nonce_length = required_nonce_size;
}
else
psa_aead_abort( operation );