Improve psa_wipe_output_buffer
Change name and document to ensure suitability only for "tags" is explicit. Add
support for output size of zero in PSA_SUCCESS case.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3ec9273..fa6991e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2684,34 +2684,41 @@
}
/**
- * \brief Fill the unused part of the output buffer (the
- * whole buffer on error, the trailing part on
- * success) with something that isn't a valid
- * signature (barring an attack on the signature
- * and deliberately-crafted input), in case the
- * caller doesn't check the return status properly.
+ * \brief For output buffers which contain "tags"
+ * (outputs that may be checked for validity like
+ * Hashes, MACs and signatures), fill the unused
+ * part of the output buffer (the whole buffer on
+ * error, the trailing part on success) with
+ * something that isn't a valid tag (barring an
+ * attack on the tag and deliberately-crafted
+ * input), in case the caller doesn't check the
+ * return status properly.
*
* \param output_buffer pointer to buffer to wipe. May not be NULL
* unless \p output_buffer_size is zero.
* \param status status of function called to generate
* output_buffer originally
* \param output_buffer_size Size of output buffer. If zero, \p output_buffer
- * could be NULL
+ * could be NULL.
* \param output_buffer_length Length of data written to output_buffer, must be
* less than \p output_buffer_size
*/
-static void psa_wipe_output_buffer(uint8_t *output_buffer, psa_status_t status,
- size_t output_buffer_size, size_t output_buffer_length)
+static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t status,
+ size_t output_buffer_size, size_t output_buffer_length)
{
- if (status == PSA_SUCCESS) {
- memset(output_buffer + output_buffer_length, '!',
- output_buffer_size - output_buffer_length);
- } else if (output_buffer_size > 0) {
- memset(output_buffer, '!', output_buffer_size);
+ size_t offset = 0;
+
+ if (output_buffer_size == 0) {
+ /* If output_buffer_size is 0 then we have nothing to do. We must not
+ call memset because output_buffer may be NULL in this case */
+ return;
}
- /* If output_buffer_size is 0 then we have nothing to do. We must
- * not call memset because output_buffer may be NULL in this
- * case.*/
+
+ if (status == PSA_SUCCESS) {
+ offset = output_buffer_length;
+ }
+
+ memset(output_buffer + offset, '!', output_buffer_size - offset);
}
static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
@@ -2776,8 +2783,8 @@
exit:
- psa_wipe_output_buffer(signature, status, signature_size,
- *signature_length);
+ psa_wipe_tag_output_buffer(signature, status, signature_size,
+ *signature_length);
unlock_status = psa_unlock_key_slot(slot);
@@ -3293,8 +3300,8 @@
exit:
- psa_wipe_output_buffer(signature, status, signature_size,
- *signature_length);
+ psa_wipe_tag_output_buffer(signature, status, signature_size,
+ *signature_length);
if (status != PSA_OPERATION_INCOMPLETE) {
if (status != PSA_SUCCESS) {