commit b3fc05d77693fcc81d1dfee069e870cacff9364b
author Gilles Peskine <Gilles.Peskine@arm.com> Sat Jun 30 19:04:35 2018 +0200
committer itayzafrir <itay.zafrir@arm.com> Wed Sep 12 16:41:12 2018 +0300
tree b1329fdd0da7333156ebc437fddefde6b0e92391
parent 55c94dd500b88f429bdc5af6092448fc8932166e

psa_asymmetric_{encrypt,decrypt}: reject salt when not allowed

In psa_asymmetric_encrypt and psa_asymmetric_decrypt, if the algorithm
does not use a salt, require the salt to be empty.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c1cf490..02807a2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2125,13 +2125,11 @@
     key_slot_t *slot;
     psa_status_t status;
 
-    /* Only used by some algorithms which may or may not be included in the
-     * build-time configuration use the salt. */
-    (void) salt;
-    (void) salt_length;
-
     *output_length = 0;
 
+    if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
     status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
     if( status != PSA_SUCCESS )
         return( status );
@@ -2201,13 +2199,11 @@
     key_slot_t *slot;
     psa_status_t status;
 
-    /* Only used by some algorithms which may or may not be included in the
-     * build-time configuration use the salt. */
-    (void) salt;
-    (void) salt_length;
-
     *output_length = 0;
 
+    if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
     status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
     if( status != PSA_SUCCESS )
         return( status );