ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-10 00:49:04 +08:00
Code Issues Releases Wiki Activity

tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round()

Browse Source 
It might happen that the psa_pake_output() function returns
elements which are not exactly 32 or 65 bytes as expected, but
1 bytes less.
As a consequence, insted of hardcoding the expected value for
the length in the output buffer, we write the correct one as
obtained from psa_pake_output()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-11-21 14:17:03 +01:00
parent 61ea17d30a
commit 79f6b6bb1b
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
library/ssl_tls.c
View File

@ -8259,20 +8259,27 @@ int mbedtls_psa_ecjpake_write_round(
step <= PSA_PAKE_STEP_ZK_PROOF; step <= PSA_PAKE_STEP_ZK_PROOF;
++step ) ++step )
{ {
/* For each step, prepend 1 byte with the length of the data */ /*
*(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); * For each step, prepend 1 byte with the length of the data.
output_offset += 1; *
* NOTE = psa_pake_output() sometimes output elements which are
* NOT 32 or 65 bytes as expected, but 1 byte less. So, instead
* of hardcoding the expected length, we
* - get the output first
* - then write the length of this output
*/
status = psa_pake_output( pake_ctx, step, status = psa_pake_output( pake_ctx, step,
buf + output_offset, buf + output_offset + 1,
len - output_offset, len - output_offset - 1,
&output_len ); &output_len );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ {
return( psa_ssl_status_to_mbedtls( status ) ); return( psa_ssl_status_to_mbedtls( status ) );
} }
output_offset += output_len; *(buf + output_offset) = output_len;
output_offset += output_len + 1;
} }
} }