psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv()
Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6e73d12..e422133 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3314,8 +3314,8 @@
size_t *iv_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
- *iv_length = 0;
+ uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
+ size_t default_iv_length;
if( operation->id == 0 )
{
@@ -3329,28 +3329,38 @@
goto exit;
}
- if( iv_size < operation->default_iv_length )
+ default_iv_length = operation->default_iv_length;
+ if( iv_size < default_iv_length )
{
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
- status = psa_generate_random( iv, operation->default_iv_length );
+ if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
+ {
+ status = PSA_ERROR_GENERIC_ERROR;
+ goto exit;
+ }
+
+ status = psa_generate_random( local_iv, default_iv_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_driver_wrapper_cipher_set_iv( operation,
- iv,
- operation->default_iv_length );
+ local_iv, default_iv_length );
exit:
if( status == PSA_SUCCESS )
{
+ memcpy( iv, local_iv, default_iv_length );
+ *iv_length = default_iv_length;
operation->iv_set = 1;
- *iv_length = operation->default_iv_length;
}
else
+ {
+ *iv_length = 0;
psa_cipher_abort( operation );
+ }
return( status );
}