Check IV size before calling TEE_AEInit() 72/297172/2
authorDongsun Lee <ds73.lee@samsung.com>
Fri, 11 Aug 2023 06:24:23 +0000 (15:24 +0900)
committerDong Sun Lee <ds73.lee@samsung.com>
Fri, 11 Aug 2023 06:49:50 +0000 (06:49 +0000)
Change-Id: Ib1b30c9c875a67a21a8833d86b881e2491116ac3

ta/src/cmd_exec.c
ta/src/crypto_auth.c

index c71bc3f2b6e90b3de3f4ac63fc3676618a8d7898..31a8edfeb8324eaa6bd1331786aac3a293000a2e 100644 (file)
@@ -2650,6 +2650,12 @@ TEE_Result KM_ExecCmdCipherInit(TEE_Param param[4])
                goto clean;
        }
 
+       if (iv.data == NULL || iv.data_size < 12) {
+               LOG("Invalid IV. iv.data_size=%d", iv.data_size);
+               ret = TEE_ERROR_BAD_PARAMETERS;
+               goto clean;
+       }
+
        // open key and (if needed) decrypt it
        if (with_pwd) {
                ret = KM_DecryptKey(key_id.data, key_id.data_size, &pwd_data, &key);
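Review bot: The bound in `if (iv.data == NULL || iv.data_size < 12)` is an unexplained literal, and no algorithm test is visible around it in this hunk, so as far as the hunk shows every request reaching this point in KM_ExecCmdCipherInit is held to a 12-byte minimum. If this command only ever initialises an AE operation, that matches the commit title; if other cipher modes can arrive here the check should be conditioned on the algorithm, which cannot be confirmed because the function starts and ends outside the hunk. I would add a comment above the check such as `// reject a missing IV or one shorter than 12 bytes (96 bits) before the key is opened, so TEE_AEInit() never sees it`. The type of `iv.data_size` is not visible here; if it is unsigned, the `%d` in the LOG call should be `%u`.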
index 726a68ad97b3d921bb650439986f5ae8ad369a4d..6e3bb2144b20ae64d7cda69c8631f0d012cb39af 100644 (file)
@@ -32,7 +32,7 @@ TEE_Result KM_AuthEncrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size,
 
        if (iv == NULL || iv_size < 12) {
                LOG("Provided IV is not big enough (%d bytes)", iv_size);
-               return TEE_ERROR_NOT_SUPPORTED;
+               return TEE_ERROR_BAD_PARAMETERS;
        }
 
        ret = TEE_AEInit(hndl, iv, (size_t)iv_size, tag_len_bits, aad_size, payload_len_bits);
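Review bot: `iv_size` is declared `uint32_t` in the signature shown in the hunk header, but the LOG call just above the changed return formats it with `%d`, so the specifier does not match the type and a very large caller-supplied size would be logged as a negative number. The message also says the IV is "not big enough" when the failing condition may be `iv == NULL`, which makes the log misleading during triage of rejected requests. Suggested line: `LOG("IV is NULL or shorter than 12 bytes (%u bytes)", (unsigned)iv_size);`. The same LOG line is added in the KM_AuthDecrypt hunk below and wants the same change; KM_AuthEncrypt's body starts and ends outside this hunk.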
@@ -64,6 +64,11 @@ TEE_Result KM_AuthDecrypt(TEE_OperationHandle hndl, void *iv, uint32_t iv_size,
 {
        TEE_Result ret = TEE_SUCCESS;
 
+       if (iv == NULL || iv_size < 12) {
+               LOG("Provided IV is not big enough (%d bytes)", iv_size);
+               return TEE_ERROR_BAD_PARAMETERS;
+       }
+
        ret = TEE_AEInit(hndl, iv, (size_t)iv_size, tag_len_bits, aad_size, payload_len_bits);
        if (TEE_ERROR_NOT_SUPPORTED == ret) {
                ret = TEE_ERROR_BAD_PARAMETERS;
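Review bot: The guard added at the top of KM_AuthDecrypt is a verbatim copy of the one in KM_AuthEncrypt, so the minimum length and the returned error code now have to be kept in step by hand in two functions, with a third copy in cmd_exec.c. A small static helper in crypto_auth.c, called from both wrappers, would give the rule one home and one place to document why 12 bytes is the floor. The helper name below is only a suggestion, and KM_AuthDecrypt's body continues past the end of this hunk.

```c
/* Rejects a missing IV or one shorter than the 12-byte minimum accepted
 * before TEE_AEInit() is called. Returns TEE_SUCCESS when the IV is usable. */
static TEE_Result check_ae_iv(const void *iv, uint32_t iv_size)
{
	if (iv == NULL || iv_size < 12) {
		LOG("IV is NULL or shorter than 12 bytes (%u bytes)", (unsigned)iv_size);
		return TEE_ERROR_BAD_PARAMETERS;
	}
	return TEE_SUCCESS;
}

// … unchanged: KM_AuthDecrypt signature and ret declaration …
	ret = check_ae_iv(iv, iv_size);
	if (ret != TEE_SUCCESS)
		return ret;
// … unchanged: TEE_AEInit call and TEE_ERROR_NOT_SUPPORTED mapping …
```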