@@ -68,6 +68,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
68
68
69
69
{
70
70
CRYSError_t CrysRet = CRYS_OK ;
71
+ CRYS_AESCCM_Mac_Res_t CC_Mac_Res = { 0 };
71
72
/*
72
73
* Check length requirements: SP800-38C A.1
73
74
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
@@ -76,6 +77,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
76
77
if ( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
77
78
return ( MBEDTLS_ERR_CCM_BAD_INPUT );
78
79
80
+ if ( tag_len > sizeof ( CC_Mac_Res ) )
81
+ return ( MBEDTLS_ERR_CCM_BAD_INPUT );
82
+
79
83
/* Also implies q is within bounds */
80
84
if ( iv_len < 7 || iv_len > 13 )
81
85
return ( MBEDTLS_ERR_CCM_BAD_INPUT );
@@ -85,10 +89,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
85
89
return ( MBEDTLS_ERR_CCM_BAD_INPUT );
86
90
#endif
87
91
88
- CrysRet = CRYS_AESCCM ( SASI_AES_ENCRYPT , ctx -> cipher_key , ctx -> keySize_ID ,(uint8_t * )iv , iv_len ,
89
- (uint8_t * )add , add_len , (uint8_t * )input , length , output , tag_len , tag );
90
- if ( CrysRet != CRYS_OK )
91
- return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
92
+ CrysRet = CRYS_AESCCM ( SASI_AES_ENCRYPT , ctx -> cipher_key , ctx -> keySize_ID , (uint8_t * )iv , iv_len ,
93
+ (uint8_t * )add , add_len , (uint8_t * )input , length , output , tag_len , CC_Mac_Res );
94
+ if ( CrysRet != CRYS_OK )
95
+ return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
96
+
97
+ memcpy ( tag , CC_Mac_Res , tag_len );
92
98
93
99
return ( 0 );
94
100
0 commit comments