From 32925b9e5b3c67c754ca7f8fcb34abf56c5fe480 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 18:56:12 +0100 Subject: [PATCH] Make sure unused parts of tag buffer are cleared We already did this on failure, but make sure the buffer does not leak what was in it previously on success Signed-off-by: Paul Elliott --- library/psa_crypto.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e14508353d..95f9740633 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3804,9 +3804,14 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, exit: /* In case the operation fails and the user fails to check for failure or - * the zero tag size, make sure the tag is set to something impossible. */ + * the zero tag size, make sure the tag is set to something impossible. + * Even if the operation succeeds, make sure we set the rest of the + * buffer to something impossible to prevent potential leakage of + * anything previously placed in the same buffer.*/ if( status != PSA_SUCCESS ) - memset(tag, '!', tag_size); + memset( tag, '!', tag_size ); + else if( *tag_length < tag_size ) + memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); psa_aead_abort( operation );