Merge pull request #4939 from gilles-peskine-arm/psa_cipher_update_ecp-unused_parameter-2.x

Backport 2.x: Fix parameter set but unused on psa_cipher_update_ecb
This commit is contained in:
Janos Follath 2021-09-13 13:55:16 +01:00 committed by GitHub
commit 2079aa7838
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 8 deletions

View file

@ -0,0 +1,2 @@
Bugfix
* Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935.

View file

@ -258,16 +258,34 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
iv, iv_length ) ) ); iv, iv_length ) ) );
} }
/* Process input for which the algorithm is set to ECB mode. This requires /** Process input for which the algorithm is set to ECB mode.
* manual processing, since the PSA API is defined as being able to process *
* arbitrary-length calls to psa_cipher_update() with ECB mode, but the * This requires manual processing, since the PSA API is defined as being
* underlying mbedtls_cipher_update only takes full blocks. */ * able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
* but the underlying mbedtls_cipher_update only takes full blocks.
*
* \param ctx The mbedtls cipher context to use. It must have been
* set up for ECB.
* \param[in] input The input plaintext or ciphertext to process.
* \param input_length The number of bytes to process from \p input.
* This does not need to be aligned to a block boundary.
* If there is a partial block at the end of the input,
* it is stored in \p ctx for future processing.
* \param output The buffer where the output is written. It must be
* at least `BS * floor((p + input_length) / BS)` bytes
* long, where `p` is the number of bytes in the
* unprocessed partial block in \p ctx (with
* `0 <= p <= BS - 1`) and `BS` is the block size.
* \param output_length On success, the number of bytes written to \p output.
* \c 0 on error.
*
* \return #PSA_SUCCESS or an error from a hardware accelerator
*/
static psa_status_t psa_cipher_update_ecb( static psa_status_t psa_cipher_update_ecb(
mbedtls_cipher_context_t *ctx, mbedtls_cipher_context_t *ctx,
const uint8_t *input, const uint8_t *input,
size_t input_length, size_t input_length,
uint8_t *output, uint8_t *output,
size_t output_size,
size_t *output_length ) size_t *output_length )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@ -307,7 +325,6 @@ static psa_status_t psa_cipher_update_ecb(
goto exit; goto exit;
output += internal_output_length; output += internal_output_length;
output_size -= internal_output_length;
*output_length += internal_output_length; *output_length += internal_output_length;
ctx->unprocessed_len = 0; ctx->unprocessed_len = 0;
} }
@ -328,7 +345,6 @@ static psa_status_t psa_cipher_update_ecb(
input += block_size; input += block_size;
output += internal_output_length; output += internal_output_length;
output_size -= internal_output_length;
*output_length += internal_output_length; *output_length += internal_output_length;
} }
@ -383,7 +399,6 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
input, input,
input_length, input_length,
output, output,
output_size,
output_length ); output_length );
} }
else else