diff options
| author | Joakim Bech <joakim.bech@linaro.org> | 2018-09-07 10:28:16 +0200 |
|---|---|---|
| committer | Jérôme Forissier <jerome.forissier@linaro.org> | 2019-01-21 18:28:37 +0100 |
| commit | 9607c419f030a02b2971536db4d384c10ae0e40f (patch) | |
| tree | 5e56db35941bc4ae8e7d61d30fc2f30384c162db /core/tee | |
| parent | 7e768f8a473409215fe3fff8f6e31f8a3a0103c6 (diff) | |
rpmb: check return value from essiv call
An error in the function essiv, as for example memory allocation failure
could result in an uninitialized IV, which means that the IV used for
en/decryption would consist of data previously stored at this memory
location. This could eventually corrupt the filesystem.
Fixes: "Return value of cryptographic function is unchecked" by Riscure.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reported-by: Riscure <inforequest@riscure.com>
Reported-by: Alyssa Milburn <a.a.milburn@vu.nl>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Diffstat (limited to 'core/tee')
| -rw-r--r-- | core/tee/tee_fs_key_manager.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c index f284e864..95921ab7 100644 --- a/core/tee/tee_fs_key_manager.c +++ b/core/tee/tee_fs_key_manager.c @@ -259,6 +259,8 @@ TEE_Result tee_fs_crypt_block(const TEE_UUID *uuid, uint8_t *out, /* Compute initialization vector for this block */ res = essiv(iv, fek, blk_idx); + if (res != TEE_SUCCESS) + return res; /* Run AES CBC */ res = crypto_cipher_alloc_ctx(&ctx, algo); |