From c423acbe0f7957d8ef1e6036c2429c9f79c6f05e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 5 Jul 2021 12:31:44 +0200 Subject: [PATCH] psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv() Don't use the output buffer in psa_cipher_generate_iv() to pass the generated IV to the driver as local attacker could potentially control it. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5aed67181..5d716305b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3379,8 +3379,8 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, size_t *iv_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - *iv_length = 0; + uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE]; + size_t default_iv_length; if( operation->id == 0 ) { @@ -3394,28 +3394,38 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, goto exit; } - if( iv_size < operation->default_iv_length ) + default_iv_length = operation->default_iv_length; + if( iv_size < default_iv_length ) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } - status = psa_generate_random( iv, operation->default_iv_length ); + if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE ) + { + status = PSA_ERROR_GENERIC_ERROR; + goto exit; + } + + status = psa_generate_random( local_iv, default_iv_length ); if( status != PSA_SUCCESS ) goto exit; status = psa_driver_wrapper_cipher_set_iv( operation, - iv, - operation->default_iv_length ); + local_iv, default_iv_length ); exit: if( status == PSA_SUCCESS ) { + memcpy( iv, local_iv, default_iv_length ); + *iv_length = default_iv_length; operation->iv_set = 1; - *iv_length = operation->default_iv_length; } else + { + *iv_length = 0; psa_cipher_abort( operation ); + } return( status ); }