Merge "fix(intel): update fcs crypto init code to check for mode" into integration
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 843ec69..adeb069 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -2175,14 +2175,28 @@
param_addr_ptr = (uint64_t *) param_addr;
+ /* Check if mbox_error is not NULL or 0xF or 0x3FF */
+ if (mbox_error == NULL || *mbox_error > 0xF ||
+ (*mbox_error != 0 && *mbox_error != 0x3FF)) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
+ /* Check if param_addr is not 0 or larger that 0xFFFFFFFFFF */
+ if (param_addr == 0 || param_addr > 0xFFFFFFFFFF) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
/*
- * Since crypto param size vary between mode.
- * Check ECB here and limit to size 12 bytes
+ * Check if not ECB, CBC and CTR mode, addr ptr is NULL.
+ * Return "Reject" status
*/
- if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
- (param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
+ if ((param_addr_ptr == NULL) ||
+ (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_ECB_MODE) &&
+ ((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CBC_MODE) &&
+ ((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CTR_MODE))) {
return INTEL_SIP_SMC_STATUS_REJECTED;
}
+
/*
* Since crypto param size vary between mode.
* Check CBC/CTR here and limit to size 28 bytes
@@ -2193,7 +2207,12 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- if (mbox_error == NULL) {
+ /*
+ * Since crypto param size vary between mode.
+ * Check ECB here and limit to size 12 bytes
+ */
+ if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
+ (param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
return INTEL_SIP_SMC_STATUS_REJECTED;
}