From 7901abc932c1a037c0f752559c36f029a09f10df Mon Sep 17 00:00:00 2001
From: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Date: Mon, 23 Apr 2018 11:51:29 +0200
Subject: [PATCH] Port padding sanity checks from suprem

Change-Id: Icee3e0f1e04ee874fd931ec0079a28f606ad9638
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
---
 ssflib/src/ssf_crypto.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ssflib/src/ssf_crypto.cpp b/ssflib/src/ssf_crypto.cpp
index dccd8d0..d0b3153 100644
--- a/ssflib/src/ssf_crypto.cpp
+++ b/ssflib/src/ssf_crypto.cpp
@@ -1269,7 +1269,10 @@ int crypto_internal_final(crypto_internal_operation *operation, unsigned char *s
 						}
 
 						if (ok) {
-							total_processing_len -= npad;        // padding OK. Othewise padding will not be removed
+							if (total_processing_len >= npad)
+								total_processing_len -= npad;        // padding OK. Othewise padding will not be removed
+							else
+								total_processing_len = 0;
 						}
 					}
 				} else if (operation->info.algorithm == TEE_ALG_AES_ECB_ISO9797_M1 ||operation->info.algorithm == TEE_ALG_AES_CBC_ISO9797_M1) {
@@ -1292,7 +1295,10 @@ int crypto_internal_final(crypto_internal_operation *operation, unsigned char *s
 						npad = 0;        // don't remove any padding
 					}
 
-					total_processing_len -= npad;
+					if (total_processing_len >= npad)
+						total_processing_len -= npad;
+					else
+						total_processing_len = 0;
 				} else if (operation->info.algorithm == TEE_ALG_AES_CTR || operation->info.algorithm == TEE_ALG_AES_CTR_NOPAD) {
 					memcpy(operation->data, in_data, remaining_number_of_bytes);
 					operation->data_len += remaining_number_of_bytes;
-- 
2.34.1