An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
psa_cipher_decrypt takes an input which is the IV concatenated with the ciphertext proper. It validates that the input is at least as large as the IV. This validation is wrong for PSA_ALG_CCM_STAR_NO_TAG: the length enforcement is for 16 bytes but the IV length is actually 13. As a consequence, psa_cipher_decrypt incorrectly returns PSA_ERROR_INVALID_ARGUMENT when the message is 3 bytes or less.
psa_cipher_decrypt
takes an input which is the IV concatenated with the ciphertext proper. It validates that the input is at least as large as the IV. This validation is wrong forPSA_ALG_CCM_STAR_NO_TAG
: the length enforcement is for 16 bytes but the IV length is actually 13. As a consequence,psa_cipher_decrypt
incorrectly returnsPSA_ERROR_INVALID_ARGUMENT
when the message is 3 bytes or less.Workaround: the multipart interface works fine.
Found by Cryptofuzz.