
Commit d7d78f6

committed
fix(esp_tee): Correct the input validation checks for secure services
1 parent 1c4969b commit d7d78f6


1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

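--- a/components/esp_tee/subproject/main/core/esp_secure_services.c
+++ b/components/esp_tee/subproject/main/core/esp_secure_services.c
@@ -177,7 +177,7 @@ int _ss_esp_aes_crypt_cbc(esp_aes_context *ctx,
 const unsigned char *input,
 unsigned char *output)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
 (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
 
 if (!valid_addr) {
@@ -196,7 +196,7 @@ int _ss_esp_aes_crypt_cfb128(esp_aes_context *ctx,
 const unsigned char *input,
 unsigned char *output)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
 (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
 
 if (!valid_addr) {
@@ -214,7 +214,7 @@ int _ss_esp_aes_crypt_cfb8(esp_aes_context *ctx,
 const unsigned char *input,
 unsigned char *output)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
 (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
 
 if (!valid_addr) {
@@ -233,7 +233,7 @@ int _ss_esp_aes_crypt_ctr(esp_aes_context *ctx,
 const unsigned char *input,
 unsigned char *output)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
 (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
 
 if (!valid_addr) {
@@ -249,7 +249,7 @@ int _ss_esp_aes_crypt_ecb(esp_aes_context *ctx,
 const unsigned char input[16],
 unsigned char output[16])
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
 (esp_tee_ptr_in_ree((void *)(input + 16)) && esp_tee_ptr_in_ree((void *)(output + 16))));
 
 if (!valid_addr) {
@@ -267,7 +267,7 @@ int _ss_esp_aes_crypt_ofb(esp_aes_context *ctx,
 const unsigned char *input,
 unsigned char *output)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
 (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length))));
 
 if (!valid_addr) {
@@ -282,7 +282,7 @@ int _ss_esp_aes_crypt_ofb(esp_aes_context *ctx,
 
 void _ss_esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) &&
 (esp_tee_ptr_in_ree((void *)(input + ilen))));
 
 if (!valid_addr) {
@@ -340,7 +340,7 @@ int _ss_esp_tee_ota_begin(void)
 
 int _ss_esp_tee_ota_write(uint32_t rel_offset, void *data, size_t size)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)data)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)data)) &&
 (esp_tee_ptr_in_ree((void *)((char *)data + size))));
 
 if (!valid_addr) {
@@ -370,7 +370,7 @@ esp_err_t _ss_esp_tee_sec_storage_gen_key(uint16_t slot_id, uint8_t key_type)
 
 esp_err_t _ss_esp_tee_sec_storage_get_signature(uint16_t slot_id, esp_tee_sec_storage_type_t key_type, uint8_t *hash, size_t hlen, esp_tee_sec_storage_sign_t *out_sign)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)hash) && esp_tee_ptr_in_ree((void *)out_sign)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)hash) && esp_tee_ptr_in_ree((void *)out_sign)) &&
 (esp_tee_ptr_in_ree((void *)(hash + hlen)) &&
 esp_tee_ptr_in_ree((void *)((char *)out_sign + sizeof(esp_tee_sec_storage_sign_t)))));
 
@@ -384,7 +384,7 @@ esp_err_t _ss_esp_tee_sec_storage_get_signature(uint16_t slot_id, esp_tee_sec_st
 
 esp_err_t _ss_esp_tee_sec_storage_get_pubkey(uint16_t slot_id, esp_tee_sec_storage_type_t key_type, esp_tee_sec_storage_pubkey_t *pubkey)
 {
-bool valid_addr = ((esp_tee_ptr_in_ree((void *)pubkey)) &
+bool valid_addr = ((esp_tee_ptr_in_ree((void *)pubkey)) &&
 (esp_tee_ptr_in_ree((void *)((char *)pubkey + sizeof(esp_tee_sec_storage_pubkey_t)))));
 
 if (!valid_addr) {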
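Review bot: The corrected `valid_addr` expressions still test only the two endpoints of each buffer, and the end address is formed as `input + length` (likewise `(char *)data + size` and `hash + hlen`) from a caller-supplied length with no overflow check, so a length that wraps the pointer could produce an end address that passes `esp_tee_ptr_in_ree()` although the range is not wholly in REE memory. This applies to every hunk that takes a length from the caller; a shared range helper that first rejects wrap-around, e.g. `if ((uintptr_t)p + len < (uintptr_t)p) return false;`, before checking both ends would also remove the ten copies of this expression. Whether the REE region is one contiguous window is not visible here; if it is not, an endpoint test cannot prove the bytes in between are REE-owned. In `_ss_esp_sha` only `input + ilen` is bounded, so the end of `output` is never validated; the digest size implied by `sha_type` should be checked as well. All of these function bodies continue outside the hunks, so any additional validation there is not visible.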
