Add checks for buffer size
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c1517e5..d3f7c2e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3513,6 +3513,13 @@
key_type = slot->attr.type;
iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
+ if( output_size < PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
+ input_length ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
if( iv_length > 0 )
{
if( output_size < iv_length )
@@ -3564,11 +3571,25 @@
.core = slot->attr
};
+ if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if( output_size < PSA_CIPHER_DECRYPT_OUTPUT_SIZE( slot->attr.type, alg,
+ input_length ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
output, output_size, output_length );
+exit:
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index ed43085..4d5bf20 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -532,6 +532,12 @@
if( status != PSA_SUCCESS )
goto exit;
+ if( output_size < accumulated_length )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
status = cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length, &olength );
accumulated_length += olength;