Merge pull request #9315 from gilles-peskine-arm/psa_cipher_decrypt-ccm_star-iv_length_enforcement

psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
2025-07-29 11:41:15 +03:00 · 2024-07-04 14:39:25 +00:00
parent cd906958df 7b6ddfcd25
commit c971d80faa
3 changed files with 23 additions and 8 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -4631,11 +4631,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
        goto exit;
    }

-    if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
-        input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
+    if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
        status = PSA_ERROR_INVALID_ARGUMENT;
        goto exit;
    }