From dcd081150196f567fa8b4ef2de5df3e755ef3bab Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 18:00:37 +0200 Subject: [PATCH] Remove superfluous length check The key passed to the driver has been imported by the PSA Core, meaning its length has already been verified, and the driver can rely on the buffer length and key attributes being consistent. Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 8e64741e6..a5ef9e57d 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -196,8 +196,7 @@ exit: #if defined(BUILTIN_ALG_CMAC) static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size ) + const uint8_t *key_buffer ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t * cipher_info = @@ -210,9 +209,6 @@ static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); if( ret != 0 ) goto exit; @@ -335,8 +331,10 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, #if defined(BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC ) { - status = cmac_setup( operation, attributes, - key_buffer, key_buffer_size ); + /* Key buffer size for CMAC is dictated by the key bits set on the + * attributes, and previously validated by the core on key import. */ + (void) key_buffer_size; + status = cmac_setup( operation, attributes, key_buffer ); } else #endif /* BUILTIN_ALG_CMAC */