
Commit f3294ef

author
itayzafrir
committed
Do not allocate zero sized buffers - cipher
1 parent 19952d9 commit f3294ef


1 file changed

+35
-21
lines changed


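--- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
@@ -1009,30 +1009,39 @@ static void psa_symmetric_operation(void)
 }
 
 case PSA_CIPHER_UPDATE: {
-size_t input_length = msg.in_size[1];
-size_t output_size = msg.out_size[0];
-size_t output_length = 0;
+size_t input_length = msg.in_size[1],
+output_size = msg.out_size[0],
+output_length = 0;
 uint8_t *input = NULL;
 unsigned char *output = NULL;
 
-input = mbedtls_calloc(1, input_length);
-output = mbedtls_calloc(1, output_size);
-if (input == NULL || output == NULL) {
-psa_cipher_abort(msg.rhandle);
-status = PSA_ERROR_INSUFFICIENT_MEMORY;
-} else {
-bytes_read = psa_read(msg.handle, 1, input, input_length);
-if (bytes_read != input_length) {
-SPM_PANIC("SPM read length mismatch");
+if (input_length > 0) {
+input = mbedtls_calloc(1, input_length);
+if (input == NULL) {
+status = PSA_ERROR_INSUFFICIENT_MEMORY;
+} else {
+bytes_read = psa_read(msg.handle, 1, input, input_length);
+if (bytes_read != input_length) {
+SPM_PANIC("SPM read length mismatch");
+}
 }
+}
+if (status == PSA_SUCCESS && output_size > 0) {
+output = mbedtls_calloc(1, output_size);
+if (output == NULL) {
+status = PSA_ERROR_INSUFFICIENT_MEMORY;
+}
+}
 
+if (status == PSA_SUCCESS) {
 status = psa_cipher_update(msg.rhandle, input, input_length, output, output_size,
 &output_length);
 if (status == PSA_SUCCESS) {
 psa_write(msg.handle, 0, output, output_length);
 psa_write(msg.handle, 1, &output_length, sizeof(output_length));
 }
-
+} else {
+psa_cipher_abort(msg.rhandle);
 }
 
 mbedtls_free(input);
@@ -1045,21 +1054,26 @@ static void psa_symmetric_operation(void)
 }
 
 case PSA_CIPHER_FINISH: {
-uint8_t *output;
-size_t output_size = msg.out_size[0];
-size_t output_length = 0;
+uint8_t *output = NULL;
+size_t output_size = msg.out_size[0],
+output_length = 0;
 
-output = mbedtls_calloc(1, output_size);
-if (output == NULL) {
-psa_cipher_abort(msg.rhandle);
-status = PSA_ERROR_INSUFFICIENT_MEMORY;
-} else {
+if (output_size > 0) {
+output = mbedtls_calloc(1, output_size);
+if (output == NULL) {
+status = PSA_ERROR_INSUFFICIENT_MEMORY;
+}
+}
+
+if (status == PSA_SUCCESS) {
 status = psa_cipher_finish(msg.rhandle, output, output_size, &output_length);
 if (status == PSA_SUCCESS) {
 psa_write(msg.handle, 0, output, output_length);
 psa_write(msg.handle, 1, &output_length, sizeof(output_length));
 }
 mbedtls_free(output);
+} else {
+psa_cipher_abort(msg.rhandle);
 }
 
 mbedtls_free(msg.rhandle);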
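Review bot: Both rewritten cases now test `status == PSA_SUCCESS` without assigning `status` first: in PSA_CIPHER_UPDATE a request with `input_length == 0` reaches `if (status == PSA_SUCCESS && output_size > 0)` with whatever value `status` held on entry, and PSA_CIPHER_FINISH does the same at `if (status == PSA_SUCCESS)` when `output_size == 0`. The removed code assigned `status` on every path before testing it, so this is a new dependency on an initialisation that lies outside both hunks (psa_symmetric_operation starts and ends beyond them). If that initialisation is missing, or another path can leave a stale error in `status`, a zero-length call from the client would skip the cipher operation and abort the handle instead. I would confirm the declaration reads something like `psa_status_t status = PSA_SUCCESS;` and add a comment at the top of each case, e.g. `/* status is PSA_SUCCESS on entry; zero-length buffers stay NULL */`.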
