Fix psa_mac_verify() returning BUFFER_TOO_SMALL

It doesn't make sense for psa_mac_verify() to return PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this was happening when requesting the verification of an unsupported algorithm whose output size is larger than the maximum supported MAC size, e.g. HMAC-SHA-512 when building with only SHA-256 support. Arrange to return PSA_ERROR_NOT_SUPPORTED instead. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-11-26 08:55:40 +01:00 · 2022-03-16 13:54:49 +01:00 · 2022-03-16 13:54:49 +01:00 · bc79582105
commit bc79582105
parent 449e02e909
1 changed files with 14 additions and 0 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -2371,6 +2371,20 @@ static psa_status_t psa_mac_finalize_alg_and_key_validation(
        return( PSA_ERROR_INVALID_ARGUMENT );
    }

+    if( *mac_size > PSA_MAC_MAX_SIZE )
+    {
+        /* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm
+         * that is disabled in the compile-time configuration. The result can
+         * therefore be larger than PSA_MAC_MAX_SIZE, which does take the
+         * configuration into account. In this case, force a return of
+         * PSA_ERROR_NOT_SUPPORTED here. Otherwise psa_mac_verify(), or
+         * psa_mac_compute(mac_size=PSA_MAC_MAX_SIZE), would return
+         * PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size
+         * is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks
+         * systematically generated tests. */
+        return( PSA_ERROR_NOT_SUPPORTED );
+    }
+
    return( PSA_SUCCESS );
 }