From 296eca6e76d986989bf2274a59e243fd0c59c661 Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Tue, 10 Sep 2019 15:21:37 +0300
Subject: [PATCH 1/3] Fix a buffer overflow in hmac_setup_internal

At the end of `psa_hmac_setup_internal()`, the ipad is cleared. However, the size that was given to clear was `key_len` which is larger than the size of `ipad`.
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a80f13de3f..98239c32e4 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2735,7 +2735,7 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
 status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
 cleanup:
- mbedtls_platform_zeroize( ipad, key_length );
+ mbedtls_platform_zeroize( ipad, sizeof(ipad) );
 return( status );
 }
From 16cca804fb2d2dca53f9eb2abffa5ee9bc697f34 Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Wed, 11 Sep 2019 10:14:48 +0300
Subject: [PATCH 2/3] Add non regression test

Add a test that adds a very long key for an unsupported algorithm.
---
 tests/suites/test_suite_psa_crypto.data | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 8eee9893dd..ca57530c42 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
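Review bot: In library/psa_crypto.c, `sizeof(ipad)` at the `cleanup:` label gives the buffer size only while `ipad` is an array declared in this function; the declaration is outside the hunk, so this should be confirmed, because on a pointer or parameter the expression would evaluate to the pointer size and leave most of the key-derived pad unwiped. A short comment above the call would record why the length is not taken from the key, e.g. `/* Wipe the whole local buffer; key_length may exceed sizeof( ipad ). */`. The neighbouring call puts spaces inside its parentheses (`psa_hash_update( &hmac->hash_ctx, ipad, block_size )`), so `sizeof( ipad )` would match the file's style. The body of psa_hmac_setup_internal starts before the hunk.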
@@ -995,6 +995,10 @@ PSA MAC verify: CMAC-AES-128, truncated to 4 bytes
 depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
 mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747"
+PSA MAC setup: incompatible key MD for HMAC
+depends_on:!MBEDTLS_MD5_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
+
 Cipher operation object initializers zero properly
 cipher_operation_init:
From 5a0f45b61bb97e404eac9dfa4a01eca31aa658bb Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Wed, 11 Sep 2019 14:09:08 +0300
Subject: [PATCH 3/3] Modify tests

1. Rephrase test description and move it to the section where all other same tests are located.
2. Add another test for short key.
---
 tests/suites/test_suite_psa_crypto.data | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index ca57530c42..58b7eabf12 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
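Review bot: The `mac_setup` case added to tests/suites/test_suite_psa_crypto.data in PATCH 2/3 is gated on `depends_on:!MBEDTLS_MD5_C`, so it runs only in builds where MD5 is compiled out and is skipped everywhere else; if the routinely tested configurations enable MD5, the regression for the oversized wipe is presumably never exercised there. It would be worth confirming that at least one tested configuration disables MD5, ideally one that runs under a memory-error checker. The renamed cases added in PATCH 3/3 carry the same dependency.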
@@ -799,6 +799,14 @@ depends_on:MBEDTLS_CMAC_C
 # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
 mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
+PSA MAC setup: algorithm known but not supported, long key
+depends_on:!MBEDTLS_MD5_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC setup: algorithm known but not supported, short key
+depends_on:!MBEDTLS_MD5_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
+
 PSA MAC: bad order function calls
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 mac_bad_order:
@@ -995,10 +1003,6 @@ PSA MAC verify: CMAC-AES-128, truncated to 4 bytes
 depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C
 mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 4):"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747"
-PSA MAC setup: incompatible key MD for HMAC
-depends_on:!MBEDTLS_MD5_C
-mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
-
 Cipher operation object initializers zero properly
 cipher_operation_init:
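Review bot: Neither case added in the first hunk of PATCH 3/3 (`long key`, `short key`) says what it guards against, and the expected `PSA_ERROR_NOT_SUPPORTED` is presumably the status returned before the fix as well, so a plain run may pass either way and the out-of-bounds wipe would only show up under a memory-error checker. The file already carries `#` comments (`# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here`), so a line such as `# Regression test: key longer than the internal ipad buffer; cleanup must not wipe key_length bytes` next to the long-key case would record the intent. The second hunk only removes the case from its old position.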