Fix possible error code mangling in psa_mac_verify_finish If psa_mac_finish_internal fails (which can only happen due to bad parameters or hardware problem), the error code was converted to PSA_ERROR_INVALID_SIGNATURE if the uninitialized stack variable actual_mac happened to contain the expected MAC. This is a minor bug but it may be possible to leverage it as part of a longer attack path in some scenarios. Reported externally. Found by static analysis.

commit: 28cd41676e2d3c978aa9cec0ce048e81b930cffa [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Jan 20 16:31:06 2020 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Jan 20 16:31:06 2020 +0100
tree: 89cd1acb780ee57bb744d3f1684d72ac07075fd0
parent: 448d1cc854237feca7412bae2e0c1c99de5b6999 [diff] [blame]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4450fdb..8667d13 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -3030,6 +3030,8 @@
 
     status = psa_mac_finish_internal( operation,
                                       actual_mac, sizeof( actual_mac ) );
+    if( status != PSA_SUCCESS )
+        goto cleanup;
 
     if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
         status = PSA_ERROR_INVALID_SIGNATURE;
commit	28cd41676e2d3c978aa9cec0ce048e81b930cffa	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Jan 20 16:31:06 2020 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Jan 20 16:31:06 2020 +0100
tree	89cd1acb780ee57bb744d3f1684d72ac07075fd0
parent	448d1cc854237feca7412bae2e0c1c99de5b6999 [diff] [blame]