yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix missing check on output_size in psa_cipher_finish func

Browse source
This commit is contained in:
Moran Peker 2018-04-22 20:19:20 +03:00 committed by itayzafrir
parent 0071b873a3
commit bed71a2b17
2 changed files with 24 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/psa/crypto.h
View file

@ -321,6 +321,10 @@ typedef uint32_t psa_algorithm_t;
#define PSA_ALG_CTR ((psa_algorithm_t)0x04800001) #define PSA_ALG_CTR ((psa_algorithm_t)0x04800001)
#define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800002) #define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800002)
#define PSA_ALG_IS_STREAM_CIPHER(alg) \
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_SUBCATEGORY_MASK)) == \
PSA_ALG_STREAM_CIPHER)
#define PSA_ALG_CCM ((psa_algorithm_t)0x06000001) #define PSA_ALG_CCM ((psa_algorithm_t)0x06000001)
#define PSA_ALG_GCM ((psa_algorithm_t)0x06000002) #define PSA_ALG_GCM ((psa_algorithm_t)0x06000002)

22
library/psa_crypto.c
View file

@ -1466,13 +1466,31 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
{ {
int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
uint8_t temp_output_buffer[ MBEDTLS_MAX_BLOCK_LENGTH ];
if( ! operation->key_set ) if( ! operation->key_set )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
if( ! operation->iv_set ) if( ! operation->iv_set )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT )
{
if (operation->ctx.cipher.unprocessed_len > operation->block_size)
return( PSA_ERROR_INVALID_ARGUMENT );
if ( ( ( ( operation->alg ) & PSA_ALG_BLOCK_CIPHER_PAD_NONE ) == PSA_ALG_BLOCK_CIPHER_PAD_NONE )
&& ( operation->ctx.cipher.unprocessed_len != 0 ) )
return(PSA_ERROR_INVALID_ARGUMENT);
if ( ( ( ( operation->alg ) & PSA_ALG_BLOCK_CIPHER_PAD_PKCS7 ) == PSA_ALG_BLOCK_CIPHER_PAD_PKCS7 )
&& ( output_size != operation->block_size ) )
return(PSA_ERROR_INVALID_ARGUMENT);
}
if ( operation->ctx.cipher.operation == MBEDTLS_DECRYPT )
if (operation->ctx.cipher.unprocessed_len != 0)
return( PSA_ERROR_INVALID_ARGUMENT );
ret = mbedtls_cipher_finish( &operation->ctx.cipher, output, ret = mbedtls_cipher_finish(&operation->ctx.cipher, temp_output_buffer,
output_length ); output_length);
if ( output_size > *output_length )
memcpy( temp_output_buffer, output, *output_length );
if( ret != 0 ) if( ret != 0 )
{ {
psa_cipher_abort( operation ); psa_cipher_abort( operation );