OP-TEE · hoyong2007 · Oct 11, 2024 · etienne-lms · Oct 14, 2024 · etienne-lms
diff --git a/libckteec/src/serialize_ck.c b/libckteec/src/serialize_ck.c
@@ -393,6 +393,9 @@ static CK_RV serialize_mecha_aes_ctr(struct serializer *obj,
 	CK_RV rv = CKR_GENERAL_ERROR;
 	uint32_t size = 0;
 
+	if (!param)
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	rv = serialize_32b(obj, obj->type);
 	if (rv)
 		return rv;
@@ -420,13 +423,13 @@ static CK_RV serialize_mecha_aes_gcm(struct serializer *obj,
 	CK_RV rv = CKR_GENERAL_ERROR;
 	CK_ULONG aad_len = 0;
 
+	if (!param || !param->pIv)
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	/* AAD is not manadatory */
 	if (param->pAAD)
 		aad_len = param->ulAADLen;
 
-	if (!param->pIv)
-		return CKR_MECHANISM_PARAM_INVALID;
-
 	rv = serialize_32b(obj, obj->type);
 	if (rv)
 		return rv;
@@ -461,6 +464,9 @@ static CK_RV serialize_mecha_aes_iv(struct serializer *obj,
 	uint32_t iv_size = mecha->ulParameterLen;
 	CK_RV rv = CKR_GENERAL_ERROR;
 
+	if (iv_size && !mecha->pParameter)
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	rv = serialize_32b(obj, obj->type);
 	if (rv)
 		return rv;
@@ -479,6 +485,9 @@ static CK_RV serialize_mecha_key_deriv_str(struct serializer *obj,
 	CK_RV rv = CKR_GENERAL_ERROR;
 	uint32_t size = 0;
 
+	if (!param || (param->ulLen && !param->pData))
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	rv = serialize_32b(obj, obj->type);
 	if (rv)
 		return rv;
@@ -500,7 +509,14 @@ static CK_RV serialize_mecha_ecdh1_derive_param(struct serializer *obj,
 {
 	CK_ECDH1_DERIVE_PARAMS *params = mecha->pParameter;
 	CK_RV rv = CKR_GENERAL_ERROR;
-	size_t params_size = 3 * sizeof(uint32_t) + params->ulSharedDataLen +
+	size_t params_size = 0;
+
+	if (!params ||
+	    (params->ulSharedDataLen && !params->pSharedData) ||
+	    (params->ulPublicDataLen && !params->pPublicData))
+		return CKR_MECHANISM_PARAM_INVALID;
+
+	params_size = 3 * sizeof(uint32_t) + params->ulSharedDataLen +
 			     params->ulPublicDataLen;
 
 	rv = serialize_32b(obj, obj->type);
@@ -539,6 +555,9 @@ static CK_RV serialize_mecha_aes_cbc_encrypt_data(struct serializer *obj,
 	CK_RV rv = CKR_GENERAL_ERROR;
 	uint32_t size = 0;
 
+	if (!param || (param->length && !param->pData))
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	rv = serialize_32b(obj, obj->type);
 	if (rv)
 		return rv;
@@ -566,6 +585,9 @@ static CK_RV serialize_mecha_rsa_pss_param(struct serializer *obj,
 	CK_RV rv = CKR_GENERAL_ERROR;
 	uint32_t params_size = 3 * sizeof(uint32_t);
 
+	if (!params)
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	if (mecha->ulParameterLen != sizeof(*params))
 		return CKR_ARGUMENTS_BAD;
 
@@ -593,7 +615,12 @@ static CK_RV serialize_mecha_rsa_oaep_param(struct serializer *obj,
 {
 	CK_RSA_PKCS_OAEP_PARAMS *params = mecha->pParameter;
 	CK_RV rv = CKR_GENERAL_ERROR;
-	size_t params_size = 4 * sizeof(uint32_t) + params->ulSourceDataLen;
+	size_t params_size = 0;
+
+	if (!params || (params->ulSourceDataLen && !params->pSourceData))
+		return CKR_MECHANISM_PARAM_INVALID;
+
+	params_size = 4 * sizeof(uint32_t) + params->ulSourceDataLen;
 
 	if (mecha->ulParameterLen != sizeof(*params))
 		return CKR_ARGUMENTS_BAD;
@@ -630,9 +657,18 @@ static CK_RV serialize_mecha_rsa_aes_key_wrap(struct serializer *obj,
 					      CK_MECHANISM_PTR mecha)
 {
 	CK_RSA_AES_KEY_WRAP_PARAMS *params = mecha->pParameter;
-	CK_RSA_PKCS_OAEP_PARAMS *aes_params = params->pOAEPParams;
+	CK_RSA_PKCS_OAEP_PARAMS *aes_params = NULL;
 	CK_RV rv = CKR_GENERAL_ERROR;
-	size_t params_size = 5 * sizeof(uint32_t) + aes_params->ulSourceDataLen;
+	size_t params_size = 0;
+
+	if (!params || !params->pOAEPParams)
+		return CKR_MECHANISM_PARAM_INVALID;
+
+	aes_params = params->pOAEPParams;
+	params_size = 5 * sizeof(uint32_t) + aes_params->ulSourceDataLen;
+
+	if (aes_params->ulSourceDataLen && !aes_params->pSourceData)
+	       return CKR_MECHANISM_PARAM_INVALID;	
 
 	if (mecha->ulParameterLen != sizeof(*params))
 		return CKR_ARGUMENTS_BAD;
@@ -675,6 +711,9 @@ static CK_RV serialize_mecha_eddsa(struct serializer *obj,
 	CK_RV rv = CKR_GENERAL_ERROR;
 	CK_EDDSA_PARAMS *params = mecha->pParameter;
 
+	if (!params || (params->ulContextDataLen && !params->pContextData))
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	rv = serialize_32b(obj, obj->type);
 	if (rv)
 		return rv;
@@ -700,6 +739,9 @@ static CK_RV serialize_mecha_mac_general_param(struct serializer *obj,
 	CK_RV rv = CKR_GENERAL_ERROR;
 	CK_ULONG ck_data = 0;
 
+	if (mecha->ulParameterLen && !mecha->pParameter)
+		return CKR_MECHANISM_PARAM_INVALID;
+
 	if (mecha->ulParameterLen != sizeof(ck_data))
 		return CKR_ARGUMENTS_BAD;