psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv()

Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/psa_crypto.c

@@ -3379,8 +3379,8 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
                                      size_t *iv_length )
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    *iv_length = 0;
+    uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
+    size_t default_iv_length;
 
     if( operation->id == 0 )
     {
@@ -3394,28 +3394,38 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
         goto exit;
     }
 
-    if( iv_size < operation->default_iv_length )
+    default_iv_length = operation->default_iv_length;
+    if( iv_size < default_iv_length )
     {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
-    status = psa_generate_random( iv, operation->default_iv_length );
+    if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
+    {
+        status = PSA_ERROR_GENERIC_ERROR;
+        goto exit;
+    }
+
+    status = psa_generate_random( local_iv, default_iv_length );
     if( status != PSA_SUCCESS )
         goto exit;
 
     status = psa_driver_wrapper_cipher_set_iv( operation,
-                                               iv,
-                                               operation->default_iv_length );
+                                               local_iv, default_iv_length );
 
 exit:
     if( status == PSA_SUCCESS )
     {
+        memcpy( iv, local_iv, default_iv_length );
+        *iv_length = default_iv_length;
         operation->iv_set = 1;
-        *iv_length = operation->default_iv_length;
     }
     else
+    {
+        *iv_length = 0;
         psa_cipher_abort( operation );
+    }
 
     return( status );
 }