aboutsummaryrefslogtreecommitdiff
path: root/core/lib
diff options
context:
space:
mode:
authorOliver Chiang <rockerfeynman@gmail.com>2019-01-30 15:15:18 +0000
committerJérôme Forissier <jerome.forissier@linaro.org>2019-01-31 13:07:46 +0100
commit6d8fa9326e3c341f195617da4ed01d2d43c9fdff (patch)
treebfcc469ec0b7ff0e3a1e779787f0b9480c65c3b1 /core/lib
parent1656edf3446eb3ec2033a5487f7ae9854ceacfe1 (diff)
ltc: fix the CBC_MAC error
When there is some data already pending in the cbc->block and the input data size is not large enough to do cbc_encrypt(), the pending data is going to be overwritten. For example, a serial input with size like 3,3... uncovers this bug. Signed-off-by: Oliver Chiang <rockerfeynman@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Diffstat (limited to 'core/lib')
-rw-r--r--core/lib/libtomcrypt/src/tee_ltc_provider.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c
index d9ebf0de..a679898c 100644
--- a/core/lib/libtomcrypt/src/tee_ltc_provider.c
+++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c
@@ -2216,6 +2216,7 @@ TEE_Result crypto_mac_update(void *ctx, uint32_t algo, const uint8_t *data,
if (CRYPT_OK != ltc_res)
return TEE_ERROR_BAD_STATE;
cbc->is_computed = 1;
+ cbc->current_block_len = 0;
}
while (len >= cbc->block_len) {
@@ -2228,9 +2229,11 @@ TEE_Result crypto_mac_update(void *ctx, uint32_t algo, const uint8_t *data,
len -= cbc->block_len;
}
- if (len > 0)
- memcpy(cbc->block, data, len);
- cbc->current_block_len = len;
+ if (len > 0) {
+ assert(cbc->current_block_len + len < cbc->block_len);
+ memcpy(cbc->block + cbc->current_block_len, data, len);
+ cbc->current_block_len += len;
+ }
break;
#endif
#if defined(CFG_CRYPTO_CMAC)
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-04 09:28:05 +0000