commit 2df73ae7425b902fef8feffeccc47a8d1fd80c05
author Denis V. Lunev <dlunev@gmail.com> Thu Nov 01 12:22:27 2018 +0300
committer Tom Cosgrove <tom.cosgrove@arm.com> Fri Sep 30 17:15:49 2022 +0100
tree 806adf13c20229f9c4bffa816120659929fc6f14
parent 845de0898e505df4b9b2bf3eb95e2592a9910e98

mbedtls: fix possible false success in ...check_tags() helpers

We should report a error when the security check of the security
tag was not made. In the other case false success is possible and
is not observable by the software.

Technically this could lead to a security flaw.

Signed-off-by: Denis V. Lunev <dlunev@gmail.com>

library/cipher.c

diff --git a/library/cipher.c b/library/cipher.c
index 752d1fe..2f2e03b 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -505,7 +505,7 @@
     }
 #endif
 
-    return( 0 );
+    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
 }
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
 
@@ -1134,7 +1134,7 @@
     }
 #endif
 
-    return( 0 );
+    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
 }
 
 int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
@@ -1161,11 +1161,8 @@
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    /* Status to return on a non-authenticated algorithm. It would make sense
-     * to return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT or perhaps
-     * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, but at the time I write this our
-     * unit tests assume 0. */
-    ret = 0;
+    /* Status to return on a non-authenticated algorithm. */
+    ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 
 #if defined(MBEDTLS_GCM_C)
     if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )