diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 894e3cb860..6e7a7b6efe 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3511,6 +3511,13 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
 key_type = slot->attr.type;
 iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
+ if( output_size < PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
+ input_length ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
 if( iv_length > 0 )
 {
 if( output_size < iv_length )
@@ -3562,11 +3569,25 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
 .core = slot->attr
 };
+ if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if( output_size < PSA_CIPHER_DECRYPT_OUTPUT_SIZE( slot->attr.type, alg,
+ input_length ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
 status = psa_driver_wrapper_cipher_decrypt( &attributes, slot->key.data, slot->key.bytes, alg, input, input_length, output, output_size, output_length );
+exit:
 unlock_status = psa_unlock_key_slot( slot );
 return( ( status == PSA_SUCCESS ) ? unlock_status : status );
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 8160800dd9..3ec5ec2416 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -535,6 +535,12 @@ static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
 if( status != PSA_SUCCESS )
 goto exit;
+ if( output_size < accumulated_length )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
 status = cipher_finish( &operation, output + accumulated_length, output_size - accumulated_length, &olength );
 accumulated_length += olength;
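Review bot: The new size check in psa_cipher_encrypt is only as strong as PSA_CIPHER_ENCRYPT_OUTPUT_SIZE, whose definition is not part of this diff. If the macro evaluates to 0 for a key type/algorithm pair it does not recognise, the comparison passes for any output_size and the bound is left entirely to the code that runs afterwards. A comment above the check should record that, for example `/* Early reject only: a macro result of 0 for an unsupported (key_type, alg) must still be rejected later. */`. The existing `if( output_size < iv_length )` test just below looks subsumed by the new check for the algorithms the macro covers, so it would help to say which of the two is authoritative. The function body starts and ends outside the hunk.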
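Review bot: Both new early exits in psa_cipher_decrypt jump to `exit:` without writing `*output_length`, and nothing between the label and the `return` sets it. Unless the length is initialised earlier in the function, which the hunk does not show, a caller that reads it after PSA_ERROR_INVALID_ARGUMENT or PSA_ERROR_BUFFER_TOO_SMALL sees whatever value it held before the call. Adding `if( status != PSA_SUCCESS ) *output_length = 0;` after the `psa_unlock_key_slot( slot )` call would make the failure paths deterministic. The order of the two checks is worth a short comment as well, since the input-shorter-than-IV case is reported as an invalid argument before the output size is considered.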
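Review bot: The added guard in cipher_decrypt stops `output_size - accumulated_length` from wrapping, but it runs after the call that produced accumulated_length, which lies above the hunk. If that earlier call can report more bytes than output_size, the buffer has already been overrun by the time this test fires, so it is worth confirming that the call is itself bounded by output_size. The intent should be stated next to the check, for example `/* Prevent size_t wrap-around in output_size - accumulated_length below. */`. The function starts and ends outside the hunk.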