commit b8b026e8c2e823f8638d79deac18b8fc9f0e7029
author Julian Hall <julian.hall@arm.com> Fri Feb 11 14:19:26 2022 +0000
committer Gyorgy Szing <Gyorgy.Szing@arm.com> Tue May 17 15:29:39 2022 +0200
tree 008c684a65c5d017f9ec5b7e19e3c99bbe41c212
parent 0562ae09d261d8f335b22b2b8b40f7e4797f40cb

Add defence against uninitialised multi-part transaction

Adds checks for the condition where there is an attempt to
setup a multi-part transaction without first initialising
transaction state.

Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I39f63149fc5bb23d982fdbefb090481bbf9c690f

components/service/crypto/client/psa/psa_cipher.c

diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c
index 70836ea..3ab8ea2 100644
--- a/components/service/crypto/client/psa/psa_cipher.c
+++ b/components/service/crypto/client/psa/psa_cipher.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -13,6 +13,12 @@
 	psa_key_id_t key,
 	psa_algorithm_t alg)
 {
+	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
+		return psa_crypto_client_instance.init_status;
+
+	if (operation->handle)
+		return PSA_ERROR_BAD_STATE;
+
 	return crypto_caller_cipher_encrypt_setup(&psa_crypto_client_instance.base,
 		&operation->handle,
 		key, alg);
@@ -22,6 +28,12 @@
 	psa_key_id_t key,
 	psa_algorithm_t alg)
 {
+	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
+		return psa_crypto_client_instance.init_status;
+
+	if (operation->handle)
+		return PSA_ERROR_BAD_STATE;
+
 	return crypto_caller_cipher_decrypt_setup(&psa_crypto_client_instance.base,
 		&operation->handle,
 		key, alg);