Add buffer copying to psa_aead_decrypt()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4221079..3ca3be1 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3863,19 +3863,24 @@
psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const uint8_t *nonce,
+ const uint8_t *nonce_external,
size_t nonce_length,
- const uint8_t *additional_data,
+ const uint8_t *additional_data_external,
size_t additional_data_length,
- const uint8_t *ciphertext,
+ const uint8_t *ciphertext_external,
size_t ciphertext_length,
- uint8_t *plaintext,
+ uint8_t *plaintext_external,
size_t plaintext_size,
size_t *plaintext_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ LOCAL_INPUT_DECLARE(nonce_external, nonce);
+ LOCAL_INPUT_DECLARE(additional_data_external, additional_data);
+ LOCAL_INPUT_DECLARE(ciphertext_external, ciphertext);
+ LOCAL_OUTPUT_DECLARE(plaintext_external, plaintext);
+
*plaintext_length = 0;
if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
@@ -3892,6 +3897,12 @@
.core = slot->attr
};
+ LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
+ LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length,
+ additional_data);
+ LOCAL_INPUT_ALLOC(ciphertext_external, ciphertext_length, ciphertext);
+ LOCAL_OUTPUT_ALLOC(plaintext_external, plaintext_size, plaintext);
+
status = psa_driver_wrapper_aead_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg,
@@ -3904,6 +3915,15 @@
memset(plaintext, 0, plaintext_size);
}
+/* Exit label is only used for buffer copying, prevent unused warnings. */
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+exit:
+#endif
+ LOCAL_INPUT_FREE(nonce_external, nonce);
+ LOCAL_INPUT_FREE(additional_data_external, additional_data);
+ LOCAL_INPUT_FREE(ciphertext_external, ciphertext);
+ LOCAL_OUTPUT_FREE(plaintext_external, plaintext);
+
psa_unlock_key_slot(slot);
return status;