Summary

This describes an undefined behavior in PSA mac driver (psa_crypto_mac.c). Basically, if the key_length is equal to block_size, memset would be called with a destination address outside the boundary of ipad and opad, with a null size. Since memset implementation is compiler-dependent, it is a good practice not to assume that it won't dereference the out-of-bound destination address.

Instead, only call memset if key_length is less than block_size.

System information

Mbed TLS version: v3.6.4
Operating system and version: Ubuntu 24.04.2 LTS
Configuration (if not default, please attach mbedtls_config.h): Default
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:

Expected behavior

memset() should not be called when key_length is equal to block_size.

Actual behavior

memset() may be called when key_length is equal to block_size.