Skip to content

Commit 4e7e054

Browse files
author
Ron Eldor
committed
Fix memory overflow
Fix memory overflow, by adding a local buffer of type `CRYS_AESCCM_Mac_Res_t `for the tag result, and copy to the input parameter `tag`.
1 parent 93e0f64 commit 4e7e054

File tree

1 file changed

+10
-4
lines changed
  • features/cryptocell/FEATURE_CRYPTOCELL310

1 file changed

+10
-4
lines changed

features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
6868

6969
{
7070
CRYSError_t CrysRet = CRYS_OK;
71+
CRYS_AESCCM_Mac_Res_t CC_Mac_Res = { 0 };
7172
/*
7273
* Check length requirements: SP800-38C A.1
7374
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
@@ -76,6 +77,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
7677
if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
7778
return ( MBEDTLS_ERR_CCM_BAD_INPUT );
7879

80+
if( tag_len > sizeof( CC_Mac_Res ) )
81+
return ( MBEDTLS_ERR_CCM_BAD_INPUT );
82+
7983
/* Also implies q is within bounds */
8084
if( iv_len < 7 || iv_len > 13 )
8185
return ( MBEDTLS_ERR_CCM_BAD_INPUT );
@@ -85,10 +89,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
8589
return ( MBEDTLS_ERR_CCM_BAD_INPUT );
8690
#endif
8791

88-
CrysRet = CRYS_AESCCM( SASI_AES_ENCRYPT, ctx->cipher_key, ctx->keySize_ID,(uint8_t*)iv, iv_len,
89-
(uint8_t*)add, add_len, (uint8_t*)input, length, output, tag_len, tag );
90-
if( CrysRet != CRYS_OK )
91-
return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
92+
CrysRet = CRYS_AESCCM( SASI_AES_ENCRYPT, ctx->cipher_key, ctx->keySize_ID, (uint8_t*)iv, iv_len,
93+
(uint8_t*)add, add_len, (uint8_t*)input, length, output, tag_len, CC_Mac_Res );
94+
if ( CrysRet != CRYS_OK )
95+
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
96+
97+
memcpy( tag, CC_Mac_Res, tag_len );
9298

9399
return ( 0 );
94100

0 commit comments

Comments
 (0)