authorJorge Ramirez-Ortiz <jorge@foundries.io>2021-10-22 17:30:03 +0200
committerJérôme Forissier <jerome@forissier.org>2021-11-02 16:48:30 +0100
commit8bddeb8511ba0d00a18bb603bfd816825adea3f1 (patch)
treebafdc663a4590306acdd0bb7bede27e259ac64af /core
parentced0ec638f9a50a52d1d301b321937aad47d80a1 (diff)
drivers: crypto: rsa/ecc/dsa: input parameter validation
To comply with the PKCS#11 convention for functions returning output in a variable-length buffer, prefer to check the required size of the output buffer before the existence of the output buffer itself. This will save callers from having to allocate a buffer that might not be used. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Clement Faure <clement.faure@nxp.com> Acked-by: Cedric Neveux <cedric.neveux@nxp.com>
Diffstat (limited to 'core')
-rw-r--r--core/drivers/crypto/crypto_api/acipher/dsa.c7
-rw-r--r--core/drivers/crypto/crypto_api/acipher/ecc.c14
-rw-r--r--core/drivers/crypto/crypto_api/acipher/rsa.c21
3 files changed, 36 insertions, 6 deletions
diff --git a/core/drivers/crypto/crypto_api/acipher/dsa.c b/core/drivers/crypto/crypto_api/acipher/dsa.c
index 9723073f..780b8bec 100644
--- a/core/drivers/crypto/crypto_api/acipher/dsa.c
+++ b/core/drivers/crypto/crypto_api/acipher/dsa.c
@@ -128,7 +128,7 @@ TEE_Result crypto_acipher_dsa_sign(uint32_t algo, struct dsa_keypair *key,
size_t l_bytes = 0;
size_t n_bytes = 0;
- if (!key || !msg || !sig || !sig_len) {
+ if (!key || !msg || !sig_len) {
CRYPTO_TRACE("Input parameters reference error");
return TEE_ERROR_BAD_PARAMETERS;
}
@@ -149,6 +149,11 @@ TEE_Result crypto_acipher_dsa_sign(uint32_t algo, struct dsa_keypair *key,
return TEE_ERROR_SHORT_BUFFER;
}
+ if (!sig) {
+ CRYPTO_TRACE("Parameter \"sig\" reference error");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
dsa = drvcrypt_get_ops(CRYPTO_DSA);
if (dsa) {
sdata.algo = algo;
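Review bot: With `if (!sig)` placed after the size test, a NULL `sig` is answered with TEE_ERROR_SHORT_BUFFER only when the preceding test (presumably comparing `*sig_len` with the required size) fails; a caller that passes NULL together with a stale, large `*sig_len` gets TEE_ERROR_BAD_PARAMETERS instead of a size answer. That contract is not stated in the hunk, and whether the short-buffer branch writes the required size back to `*sig_len` is outside the visible lines. I would add a comment above the check, e.g. `/* sig may be NULL only for a size query: *sig_len must then be smaller than the required size */`, and repeat it in the function header. The same applies to the equivalent checks added in ecc_sign, ecc_shared_secret, crypto_acipher_rsanopad_encrypt, crypto_acipher_rsaes_encrypt and crypto_acipher_rsassa_sign. crypto_acipher_dsa_sign starts and ends outside this hunk.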
diff --git a/core/drivers/crypto/crypto_api/acipher/ecc.c b/core/drivers/crypto/crypto_api/acipher/ecc.c
index c2a6c135..31f6971c 100644
--- a/core/drivers/crypto/crypto_api/acipher/ecc.c
+++ b/core/drivers/crypto/crypto_api/acipher/ecc.c
@@ -138,7 +138,7 @@ static TEE_Result ecc_sign(uint32_t algo, struct ecc_keypair *key,
size_t size_bytes = 0;
/* Verify first the input parameters */
- if (!key || !msg || !sig || !sig_len) {
+ if (!key || !msg || !sig_len) {
CRYPTO_TRACE("Input parameters reference error");
return ret;
}
@@ -158,6 +158,11 @@ static TEE_Result ecc_sign(uint32_t algo, struct ecc_keypair *key,
return TEE_ERROR_SHORT_BUFFER;
}
+ if (!sig) {
+ CRYPTO_TRACE("Parameter \"sig\" reference error");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
ecc = drvcrypt_get_ops(CRYPTO_ECC);
if (ecc) {
/*
@@ -263,7 +268,7 @@ static TEE_Result ecc_shared_secret(struct ecc_keypair *private_key,
size_t size_bytes = 0;
/* Verify first the input parameters */
- if (!private_key || !public_key || !secret || !secret_len) {
+ if (!private_key || !public_key || !secret_len) {
CRYPTO_TRACE("Input parameters reference error");
return ret;
}
@@ -283,6 +288,11 @@ static TEE_Result ecc_shared_secret(struct ecc_keypair *private_key,
return TEE_ERROR_SHORT_BUFFER;
}
+ if (!secret) {
+ CRYPTO_TRACE("Parameter \"secret\" reference error");
+ return ret;
+ }
+
ecc = drvcrypt_get_ops(CRYPTO_ECC);
if (ecc) {
/*
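Review bot: The new `secret` check returns `ret`, whereas the five other NULL checks this commit adds return `TEE_ERROR_BAD_PARAMETERS` explicitly. It yields the intended error only if `ret` still holds its initial value at this point, and both its initialiser and the lines between the first parameter check and this one are outside the hunk. A later change that assigns `ret` earlier in the function would make this branch report the wrong status, possibly success, for a NULL `secret`. I would write `return TEE_ERROR_BAD_PARAMETERS;` here to match the check added in ecc_sign. ecc_shared_secret starts and ends outside this hunk.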
diff --git a/core/drivers/crypto/crypto_api/acipher/rsa.c b/core/drivers/crypto/crypto_api/acipher/rsa.c
index a717a645..94261919 100644
--- a/core/drivers/crypto/crypto_api/acipher/rsa.c
+++ b/core/drivers/crypto/crypto_api/acipher/rsa.c
@@ -150,7 +150,7 @@ TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key,
struct drvcrypt_rsa *rsa = NULL;
struct drvcrypt_rsa_ed rsa_data = { };
- if (!key || !msg || !cipher || !cipher_len) {
+ if (!key || !msg || !cipher_len) {
CRYPTO_TRACE("Parameters error (key @%p)\n"
"(msg @%p size %zu bytes)\n"
"(cipher @%p size %zu bytes)",
@@ -170,6 +170,11 @@ TEE_Result crypto_acipher_rsanopad_encrypt(struct rsa_public_key *key,
return TEE_ERROR_SHORT_BUFFER;
}
+ if (!cipher) {
+ CRYPTO_TRACE("Parameter \"cipher\" reference error");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
rsa = drvcrypt_get_ops(CRYPTO_RSA);
if (rsa) {
/* Prepare the encryption data parameters */
@@ -260,7 +265,7 @@ TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo,
struct drvcrypt_rsa *rsa = NULL;
struct drvcrypt_rsa_ed rsa_data = { };
- if (!key || !msg || !cipher || !cipher_len || (!label && label_len)) {
+ if (!key || !msg || !cipher_len || (!label && label_len)) {
CRYPTO_TRACE("Parameters error (key @%p\n"
"(msg @%p size %zu bytes)\n"
"(cipher @%p size %zu bytes)\n"
@@ -282,6 +287,11 @@ TEE_Result crypto_acipher_rsaes_encrypt(uint32_t algo,
return TEE_ERROR_SHORT_BUFFER;
}
+ if (!cipher) {
+ CRYPTO_TRACE("Parameter \"cipher\" reference error");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
rsa = drvcrypt_get_ops(CRYPTO_RSA);
if (rsa) {
/* Prepare the encryption data parameters */
@@ -339,7 +349,7 @@ TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key,
struct drvcrypt_rsa *rsa = NULL;
struct drvcrypt_rsa_ssa rsa_ssa = { };
- if (!key || !msg || !sig || !sig_len) {
+ if (!key || !msg || !sig_len) {
CRYPTO_TRACE("Input parameters reference error");
return ret;
}
@@ -376,6 +386,11 @@ TEE_Result crypto_acipher_rsassa_sign(uint32_t algo, struct rsa_keypair *key,
return TEE_ERROR_SHORT_BUFFER;
}
+ if (!sig) {
+ CRYPTO_TRACE("Parameter \"sig\" reference error");
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
rsa = drvcrypt_get_ops(CRYPTO_RSA);
if (rsa) {
/* Prepare the Encoded Signature structure data */