diff options
| author | RĂ©mi Verschelde <remi@verschelde.fr> | 2021-12-21 09:13:31 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-21 09:13:31 +0100 |
| commit | 73f09b157462dade279b5f76ca5c6a487e46dba4 (patch) | |
| tree | 6244d3f57e7faf4cd41496ab875fa315c7519194 /thirdparty/mbedtls/library/cipher.c | |
| parent | 71616630e033670dc90c5d87fb65b758877f8ea1 (diff) | |
| parent | 36d316876bd29a9157be08d51803c0f6277deb47 (diff) | |
Merge pull request #56098 from Faless/mbedtls/2.16.12
Diffstat (limited to 'thirdparty/mbedtls/library/cipher.c')
| -rw-r--r-- | thirdparty/mbedtls/library/cipher.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/thirdparty/mbedtls/library/cipher.c b/thirdparty/mbedtls/library/cipher.c index 57da0b9c44..4ea0221f4d 100644 --- a/thirdparty/mbedtls/library/cipher.c +++ b/thirdparty/mbedtls/library/cipher.c @@ -967,6 +967,12 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } + /* Status to return on a non-authenticated algorithm. It would make sense + * to return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT or perhaps + * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, but at the time I write this our + * unit tests assume 0. */ + ret = 0; + #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { @@ -981,9 +987,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, /* Check the tag in "constant-time" */ if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) - return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); - - return( 0 ); + { + ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + goto exit; + } } #endif /* MBEDTLS_GCM_C */ @@ -1003,13 +1010,16 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, /* Check the tag in "constant-time" */ if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) - return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); - - return( 0 ); + { + ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + goto exit; + } } #endif /* MBEDTLS_CHACHAPOLY_C */ - return( 0 ); +exit: + mbedtls_platform_zeroize( check_tag, tag_len ); + return( ret ); } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ |