psa: cipher: Add bound check of the IV length in the core

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-03-26 10:15:08 +01:00
parent c17e8a9bf2
commit a0d6817838
2 changed files with 6 additions and 5 deletions

View File

@ -3401,14 +3401,13 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 )
{
return( PSA_ERROR_BAD_STATE );
}
if( operation->iv_set || ! operation->iv_required )
{
return( PSA_ERROR_BAD_STATE );
}
if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_driver_wrapper_cipher_set_iv( operation,
iv,

View File

@ -138,7 +138,9 @@ psa_status_t mbedtls_psa_cipher_generate_iv(
*
* \param[in,out] operation Active cipher operation.
* \param[in] iv Buffer containing the IV to use.
* \param[in] iv_length Size of the IV in bytes.
* \param[in] iv_length Size of the IV in bytes. It is guaranteed by
* the core to be less or equal to
* PSA_CIPHER_IV_MAX_SIZE.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT