Fix NULL+0 undefined behavior in ECB encryption and decryption psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to a null pointer when the cipher does not use an IV. This is undefined behavior, although it works as naively expected on most platforms. This can cause a crash with modern Clang+ASan (depending on compiler optimizations). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 42649d9270d9f75b63d55b08a10d334d266d3905 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Wed Nov 23 14:15:57 2022 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Nov 23 14:16:52 2022 +0100
tree: fb27321c60a338fb42c41d0196491834c14e972f
parent: 1d1d53622fca13ffb5ebf85a919ecbf18a24dec4 [diff] [blame]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 8c9deff..e881f2f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -3454,8 +3454,8 @@
     status = psa_driver_wrapper_cipher_encrypt(
         &attributes, slot->key.data, slot->key.bytes,
         alg, local_iv, default_iv_length, input, input_length,
-        output + default_iv_length, output_size - default_iv_length,
-        output_length );
+        mbedtls_buffer_offset( output, default_iv_length ),
+        output_size - default_iv_length, output_length );
 
 exit:
     unlock_status = psa_unlock_key_slot( slot );
commit	42649d9270d9f75b63d55b08a10d334d266d3905	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Nov 23 14:15:57 2022 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Nov 23 14:16:52 2022 +0100
tree	fb27321c60a338fb42c41d0196491834c14e972f
parent	1d1d53622fca13ffb5ebf85a919ecbf18a24dec4 [diff] [blame]