Port padding sanity checks from suprem

author Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>

Mon, 23 Apr 2018 09:51:29 +0000 (11:51 +0200)

committer Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>

Mon, 4 Jun 2018 10:06:23 +0000 (12:06 +0200)
author Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Mon, 23 Apr 2018 09:51:29 +0000 (11:51 +0200)
committer Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Mon, 4 Jun 2018 10:06:23 +0000 (12:06 +0200)
diff --git a/ssflib/src/ssf_crypto.cpp b/ssflib/src/ssf_crypto.cpp

index dccd8d040dd2ff7cc2d641d3d6566e3fde26b725..d0b315393b2ad4f71296445c51bec3d904012c56 100644 (file)
--- a/ssflib/src/ssf_crypto.cpp
+++ b/ssflib/src/ssf_crypto.cpp
@@ -1269,7 +1269,10 @@ int crypto_internal_final(crypto_internal_operation *operation, unsigned char *s
                                                 }
  
                                                 if (ok) {
-                                                       total_processing_len -= npad;        // padding OK. Othewise padding will not be removed
+                                                       if (total_processing_len >= npad)
+                                                               total_processing_len -= npad;        // padding OK. Othewise padding will not be removed
+                                                       else
+                                                               total_processing_len = 0;
                                                 }
                                         }
                                 } else if (operation->info.algorithm == TEE_ALG_AES_ECB_ISO9797_M1 ||operation->info.algorithm == TEE_ALG_AES_CBC_ISO9797_M1) {
@@ -1292,7 +1295,10 @@ int crypto_internal_final(crypto_internal_operation *operation, unsigned char *s
                                                 npad = 0;        // don't remove any padding
                                         }
  
-                                       total_processing_len -= npad;
+                                       if (total_processing_len >= npad)
+                                               total_processing_len -= npad;
+                                       else
+                                               total_processing_len = 0;
                                 } else if (operation->info.algorithm == TEE_ALG_AES_CTR || operation->info.algorithm == TEE_ALG_AES_CTR_NOPAD) {
                                         memcpy(operation->data, in_data, remaining_number_of_bytes);
                                         operation->data_len += remaining_number_of_bytes;
author	Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
	Mon, 23 Apr 2018 09:51:29 +0000 (11:51 +0200)
committer	Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
	Mon, 4 Jun 2018 10:06:23 +0000 (12:06 +0200)