From 7abf8ee51b99daff8b733085ae93d023fff24d39 Mon Sep 17 00:00:00 2001
From: Gabor Mezei <gabor.mezei@arm.com>
Date: Thu, 1 Feb 2024 10:39:26 +0100
Subject: [PATCH] Add buffer protection for `cipher_generate_iv` and
 `cipher_set_iv`

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
---
 library/psa_crypto.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 8f89b6bc1b..3bcc408e62 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4361,7 +4361,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 
 exit:
     if (status == PSA_SUCCESS) {
-        memcpy(iv, local_iv, default_iv_length);
+        psa_crypto_copy_output(local_iv, default_iv_length, iv, iv_size);
         *iv_length = default_iv_length;
         operation->iv_set = 1;
     } else {
@@ -4373,11 +4373,13 @@ exit:
 }
 
 psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
-                               const uint8_t *iv,
+                               const uint8_t *iv_external,
                                size_t iv_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
+    LOCAL_INPUT_DECLARE(iv_external, iv);
+
     if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
@@ -4393,6 +4395,8 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
         goto exit;
     }
 
+    LOCAL_INPUT_ALLOC(iv_external, iv_length, iv);
+
     status = psa_driver_wrapper_cipher_set_iv(operation,
                                               iv,
                                               iv_length);
@@ -4403,6 +4407,9 @@ exit:
     } else {
         psa_cipher_abort(operation);
     }
+
+    LOCAL_INPUT_FREE(iv_external, iv);
+
     return status;
 }