yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

mbedtls_cipher_check_tag: jump on error for more robustness to refactoring

Browse source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-12-13 16:57:47 +01:00
parent a4174312da
commit cd74298c83
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
library/cipher.c
View file

@ -1201,7 +1201,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
{
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto exit;
}
}
#endif /* MBEDTLS_GCM_C */
@ -1221,10 +1224,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
/* Check the tag in "constant-time" */
if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
{
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
goto exit;
}
}
#endif /* MBEDTLS_CHACHAPOLY_C */
exit:
mbedtls_platform_zeroize( check_tag, tag_len );
return( ret );
}