psa: cipher: Add bound check of the IV length in the core

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 10:15:08 +01:00 · 2021-03-26 10:15:08 +01:00 · a0d6817838
commit a0d6817838
parent c17e8a9bf2
2 changed files with 6 additions and 5 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -3401,14 +3401,13 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

    if( operation->id == 0 )
-    {
        return( PSA_ERROR_BAD_STATE );
-    }

    if( operation->iv_set || ! operation->iv_required )
-    {
        return( PSA_ERROR_BAD_STATE );
-    }
+
+    if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
+        return( PSA_ERROR_INVALID_ARGUMENT );

    status = psa_driver_wrapper_cipher_set_iv( operation,
                                               iv,
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@ -138,7 +138,9 @@ psa_status_t mbedtls_psa_cipher_generate_iv(
 *
 * \param[in,out] operation     Active cipher operation.
 * \param[in] iv                Buffer containing the IV to use.
- * \param[in] iv_length         Size of the IV in bytes.
+ * \param[in] iv_length         Size of the IV in bytes. It is guaranteed by
+ *                              the core to be less or equal to
+ *                              PSA_CIPHER_IV_MAX_SIZE.
 *
 * \retval #PSA_SUCCESS
 * \retval #PSA_ERROR_INVALID_ARGUMENT