commit bed71a2b17b5c7c046c5f4c0c3ae2176aaae200a
author Moran Peker <moran.peker@arm.com> Sun Apr 22 20:19:20 2018 +0300
committer itayzafrir <itay.zafrir@arm.com> Wed Sep 05 12:14:28 2018 +0300
tree f002771c41525f18e25e65175423b3e5d287c4b4
parent 0071b873a3609885597e20be5ec6f428ceb22b95

fix missing check on output_size in psa_cipher_finish func

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fbc5949..2672627 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1466,13 +1466,31 @@
 {
     int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     
+    uint8_t temp_output_buffer[ MBEDTLS_MAX_BLOCK_LENGTH ];
+
     if( ! operation->key_set )
         return( PSA_ERROR_BAD_STATE );
     if( ! operation->iv_set )
         return( PSA_ERROR_BAD_STATE );
+    if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT )
+    {
+        if (operation->ctx.cipher.unprocessed_len > operation->block_size)
+            return( PSA_ERROR_INVALID_ARGUMENT );
+        if ( ( ( ( operation->alg ) & PSA_ALG_BLOCK_CIPHER_PAD_NONE ) == PSA_ALG_BLOCK_CIPHER_PAD_NONE )
+            && ( operation->ctx.cipher.unprocessed_len != 0 ) )
+            return(PSA_ERROR_INVALID_ARGUMENT);
+        if ( ( ( ( operation->alg ) & PSA_ALG_BLOCK_CIPHER_PAD_PKCS7 ) == PSA_ALG_BLOCK_CIPHER_PAD_PKCS7 )
+            && ( output_size != operation->block_size ) )
+            return(PSA_ERROR_INVALID_ARGUMENT);
+    }
+    if ( operation->ctx.cipher.operation == MBEDTLS_DECRYPT )
+        if (operation->ctx.cipher.unprocessed_len != 0)
+            return( PSA_ERROR_INVALID_ARGUMENT );
 
-    ret = mbedtls_cipher_finish( &operation->ctx.cipher, output,
-                                output_length );
+    ret = mbedtls_cipher_finish(&operation->ctx.cipher, temp_output_buffer,
+                                output_length);
+    if ( output_size > *output_length )
+        memcpy( temp_output_buffer, output, *output_length );
     if( ret != 0 )
     {
         psa_cipher_abort( operation );