commit a0d68178388aa91385e0f39b8b95c71786307fe6
author Ronald Cron <ronald.cron@arm.com> Fri Mar 26 10:15:08 2021 +0100
committer Ronald Cron <ronald.cron@arm.com> Fri Mar 26 15:58:25 2021 +0100
tree dcfa9cbba5429b0e850bb23348e0089295d12504
parent c17e8a9bf242b1ce57cdfbb6f857d7faa0d0579e

psa: cipher: Add bound check of the IV length in the core

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5dd93af..ab4d18f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3401,14 +3401,13 @@
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     if( operation->id == 0 )
-    {
         return( PSA_ERROR_BAD_STATE );
-    }
 
     if( operation->iv_set || ! operation->iv_required )
-    {
         return( PSA_ERROR_BAD_STATE );
-    }
+
+    if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
+        return( PSA_ERROR_INVALID_ARGUMENT );
 
     status = psa_driver_wrapper_cipher_set_iv( operation,
                                                iv,

library/psa_crypto_cipher.h

diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 3130e8b..72c3f47 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -138,7 +138,9 @@
  *
  * \param[in,out] operation     Active cipher operation.
  * \param[in] iv                Buffer containing the IV to use.
- * \param[in] iv_length         Size of the IV in bytes.
+ * \param[in] iv_length         Size of the IV in bytes. It is guaranteed by
+ *                              the core to be less or equal to
+ *                              PSA_CIPHER_IV_MAX_SIZE.
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_ARGUMENT