cryp: ensure that mode is cipher in syscall_cipher_init

When calling syscall_cipher_init there is no check being done that the state coming from the TA has been initialized to a valid cipher state. By checking the class we prevent an assert in cipher_ops. Fixes: OP-TEE-2019-0020 Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Martijn Bogaard <bogaard@riscure.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
OP-TEE · Oct 8, 2019 · 28aa35f · 28aa35f
1 parent 45a367d
commit 28aa35f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
@@ -2416,6 +2416,9 @@ TEE_Result syscall_cipher_init(unsigned long state, const void *iv,
 	if (res != TEE_SUCCESS)
 		return res;
 
+	if (TEE_ALG_GET_CLASS(cs->algo) != TEE_OPERATION_CIPHER)
+		return TEE_ERROR_BAD_STATE;
+
 	res = tee_mmu_check_access_rights(utc,
 					  TEE_MEMORY_ACCESS_READ |
 					  TEE_MEMORY_ACCESS_ANY_OWNER,