From 406008ab4c4a90e133b258ef0234997517876ed6 Mon Sep 17 00:00:00 2001 From: Moran Peker Date: Sun, 22 Apr 2018 20:20:29 +0300 Subject: [PATCH] add missing check on output_size in psa_cipher_update func --- library/psa_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2672627213..0e2d6dafa3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1445,7 +1445,8 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, { int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - if( output_size < input_length ) + if( ( ( PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) && ( output_size < input_length ) ) + || ( ( PSA_ALG_IS_BLOCK_CIPHER(operation->alg)) && ( output_size < ((operation->ctx.cipher.unprocessed_len + input_length)/16)*16 ) ) ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); ret = mbedtls_cipher_update( &operation->ctx.cipher, input,