Merge pull request #248 from RonEld/stack_overflow_in_hmac_fix
Fix a buffer overflow in hmac_setup_internal
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a80f13d..98239c3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2735,7 +2735,7 @@
status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
cleanup:
- mbedtls_platform_zeroize( ipad, key_length );
+ mbedtls_platform_zeroize( ipad, sizeof(ipad) );
return( status );
}
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 8eee989..58b7eab 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -799,6 +799,14 @@
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
+PSA MAC setup: algorithm known but not supported, long key
+depends_on:!MBEDTLS_MD5_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC setup: algorithm known but not supported, short key
+depends_on:!MBEDTLS_MD5_C
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED
+
PSA MAC: bad order function calls
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
mac_bad_order: