psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv()

Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-07-05 12:31:44 +02:00
parent 6fbc057786
commit c423acbe0f

View file

@ -3379,8 +3379,8 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
size_t *iv_length ) size_t *iv_length )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
*iv_length = 0; size_t default_iv_length;
if( operation->id == 0 ) if( operation->id == 0 )
{ {
@ -3394,28 +3394,38 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
goto exit; goto exit;
} }
if( iv_size < operation->default_iv_length ) default_iv_length = operation->default_iv_length;
if( iv_size < default_iv_length )
{ {
status = PSA_ERROR_BUFFER_TOO_SMALL; status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit; goto exit;
} }
status = psa_generate_random( iv, operation->default_iv_length ); if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
{
status = PSA_ERROR_GENERIC_ERROR;
goto exit;
}
status = psa_generate_random( local_iv, default_iv_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
status = psa_driver_wrapper_cipher_set_iv( operation, status = psa_driver_wrapper_cipher_set_iv( operation,
iv, local_iv, default_iv_length );
operation->default_iv_length );
exit: exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
{ {
memcpy( iv, local_iv, default_iv_length );
*iv_length = default_iv_length;
operation->iv_set = 1; operation->iv_set = 1;
*iv_length = operation->default_iv_length;
} }
else else
{
*iv_length = 0;
psa_cipher_abort( operation ); psa_cipher_abort( operation );
}
return( status ); return( status );
} }