optee-os: Fix CVE-2026-33662

Pick patch from [1] as mentioned in OP-TEE os security report in [2]. [1] https://github.com/OP-TEE/optee_os/commit/caeaa2ae551666068894005387cca4113b10873f [2] https://github.com/OP-TEE/optee_os/security/advisories/GHSA-4cf8-v5g3-73gr Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com> Reviewed-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-05-30 12:30:14 +00:00 · 2026-05-21 11:46:26 +02:00
parent 313a5da55a
commit c4fd56386e
2 changed files with 41 additions and 0 deletions
@@ -0,0 +1,40 @@
+From 2fdf0aa10bd23c0e4633efa087a27ff07f79015f Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Thu, 22 Jan 2026 14:19:36 +0100
+Subject: [PATCH] core: crypto_api: fix underflow in emsa_pkcs1_v1_5_encode()
+
+Guard against an integer underflow in emsa_pkcs1_v1_5_encode() that can
+occur when calculating the padding field in the EMA-PKCS1-v1_5 encoding.
+
+CVE: CVE-2026-33662
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/caeaa2ae551666068894005387cca4113b10873f]
+
+Fixes: f5a70e3efb80 ("drivers: crypto: generic resources for crypto device driver - RSA")
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+Reviewed-by: Jerome Forissier <jerome.forissier@arm.com>
+Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com>
+---
+ core/drivers/crypto/crypto_api/acipher/rsassa.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/core/drivers/crypto/crypto_api/acipher/rsassa.c b/core/drivers/crypto/crypto_api/acipher/rsassa.c
+index 0f71b84cc..01f8d7dc9 100644
+--- a/core/drivers/crypto/crypto_api/acipher/rsassa.c
+++ b/core/drivers/crypto/crypto_api/acipher/rsassa.c
+@@ -45,9 +45,10 @@ static TEE_Result emsa_pkcs1_v1_5_encode(struct drvcrypt_rsa_ssa *ssa_data,
+ 	 * Calculate the PS size
+ 	 *  EM Size (modulus size) - 3 bytes - DigestInfo DER format size
+ 	 */
+-	ps_size = ssa_data->key.n_size - 3;
+-	ps_size -= ssa_data->digest_size;
+-	ps_size -= 10 + hash_oid->asn1_length;
+	if (SUB_OVERFLOW(ssa_data->key.n_size, 3, &ps_size) ||
+	    SUB_OVERFLOW(ps_size, ssa_data->digest_size, &ps_size) ||
+	    SUB_OVERFLOW(ps_size, 10 + hash_oid->asn1_length, &ps_size))
+		return TEE_ERROR_BAD_PARAMETERS;
+ 
+ 	CRYPTO_TRACE("PS size = %zu (n %zu)", ps_size, ssa_data->key.n_size);
+ 
+-- 
+2.43.0
+
@@ -10,4 +10,5 @@ SRC_URI += " \
    file://CVE-2026-33317-1.patch \
    file://CVE-2026-33317-2.patch \
    file://CVE-2026-33317-3.patch \
+    file://CVE-2026-33662.patch \
   "