commit 13a15c2390b090eb11fba63dcc7cbcbec8eb4853
author Gabor Mezei <gabor.mezei@arm.com> Wed Jan 24 16:56:00 2024 +0100
committer Gabor Mezei <gabor.mezei@arm.com> Thu Feb 29 16:41:03 2024 +0000
tree 5893dbb07e38bd0b22ed7653fb54f05ddf6e4b2a
parent be49b6b23998cad1d5243b7b5903f5862e92291b

Add buffer protection for cipher functions

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e9c1fac..909c0ad 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3763,14 +3763,20 @@
 }
 
 psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
-                               const uint8_t *input,
+                               const uint8_t *input_external,
                                size_t input_length,
-                               uint8_t *output,
+                               uint8_t *output_external,
                                size_t output_size,
                                size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
+    LOCAL_INPUT_DECLARE(input_external, input);
+    LOCAL_OUTPUT_DECLARE(output_external, output);
+
+    LOCAL_INPUT_ALLOC(input_external, input_length, input);
+    LOCAL_OUTPUT_ALLOC_WITH_COPY(output_external, output_size, output);
+
     if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
@@ -3793,16 +3799,23 @@
         psa_cipher_abort(operation);
     }
 
+    LOCAL_INPUT_FREE(input_external, input);
+    LOCAL_OUTPUT_FREE(output_external, output);
+
     return status;
 }
 
 psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
-                               uint8_t *output,
+                               uint8_t *output_external,
                                size_t output_size,
                                size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 
+    LOCAL_OUTPUT_DECLARE(output_external, output);
+
+    LOCAL_OUTPUT_ALLOC_WITH_COPY(output_external, output_size, output);
+
     if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
@@ -3820,13 +3833,15 @@
 
 exit:
     if (status == PSA_SUCCESS) {
-        return psa_cipher_abort(operation);
+        status = psa_cipher_abort(operation);
     } else {
         *output_length = 0;
         (void) psa_cipher_abort(operation);
-
-        return status;
     }
+
+    LOCAL_OUTPUT_FREE(output_external, output);
+
+    return status;
 }
 
 psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
@@ -3931,9 +3946,9 @@
 
 psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
                                 psa_algorithm_t alg,
-                                const uint8_t *input,
+                                const uint8_t *input_external,
                                 size_t input_length,
-                                uint8_t *output,
+                                uint8_t *output_external,
                                 size_t output_size,
                                 size_t *output_length)
 {
@@ -3942,6 +3957,12 @@
     psa_key_attributes_t attributes;
     psa_key_slot_t *slot = NULL;
 
+    LOCAL_INPUT_DECLARE(input_external, input);
+    LOCAL_OUTPUT_DECLARE(output_external, output);
+
+    LOCAL_INPUT_ALLOC(input_external, input_length, input);
+    LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
+
     if (!PSA_ALG_IS_CIPHER(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
@@ -3978,6 +3999,9 @@
         *output_length = 0;
     }
 
+    LOCAL_INPUT_FREE(input_external, input);
+    LOCAL_OUTPUT_FREE(output_external, output);
+
     return status;
 }