diff options
author | Etienne Carriere <etienne.carriere@linaro.org> | 2018-04-06 10:06:42 +0200 |
---|---|---|
committer | Jérôme Forissier <jerome.forissier@linaro.org> | 2018-04-17 10:39:55 +0200 |
commit | 2733280a19c40fb1555b01b983d6eedb47642afd (patch) | |
tree | 4ee38cee3bedddc635e06b16246af1c55d797eae /lib/libutee | |
parent | 9d8c378dfa3dfb21552c7c1074c9b81f2c09a4f1 (diff) |
libutee: out and tag buffers can be too short in TEE_AEEncryptFinal
With this change, a single call to TEE_AEEncryptFinal() checks both
the output data buffer size and the tag buffer size and return
TEE_ERROR_SHORT_BUFFER with both expected size if at least one
of the provided buffer is too short.
Before this change caller may need to call twice TEE_AEEncryptFinal()
in the right order to get the output buffers sizes, first for the
output data size then for the tag data size.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'lib/libutee')
-rw-r--r-- | lib/libutee/tee_api_operations.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/libutee/tee_api_operations.c b/lib/libutee/tee_api_operations.c index 5f121344..bcffa228 100644 --- a/lib/libutee/tee_api_operations.c +++ b/lib/libutee/tee_api_operations.c @@ -1472,24 +1472,26 @@ TEE_Result TEE_AEEncryptFinal(TEE_OperationHandle operation, * Check that required destLen is big enough before starting to feed * data to the algorithm. Errors during feeding of data are fatal as we * can't restore sync with this API. + * + * Need to check this before update_payload since sync would be lost if + * we return short buffer after that. */ + res = TEE_ERROR_GENERIC; + req_dlen = operation->buffer_offs + srcLen; if (*destLen < req_dlen) { *destLen = req_dlen; res = TEE_ERROR_SHORT_BUFFER; - goto out; } - /* - * Need to check this before update_payload since sync would be lost if - * we return short buffer after that. - */ if (*tagLen < operation->ae_tag_len) { *tagLen = operation->ae_tag_len; res = TEE_ERROR_SHORT_BUFFER; - goto out; } + if (res == TEE_ERROR_SHORT_BUFFER) + goto out; + tl = *tagLen; tmp_dlen = *destLen - acc_dlen; if (operation->block_size > 1) { |