SVE-2017-8973: Buffer Overflow in Samsung TrustZone SCrypto Driver

Summary Due to missing input validation, the SCrypto implementation of the drTima secure driver (uuid ffffffffd0000000000000000000000a) was susceptible to a buffer overflow. The drTima secure driver implements a fully featured crypto engine entirely in software, called SCrypto. The SCrypto APIs are callable by all Trustlets without restriction. SCrypto is in fact the OpenSSL’s FIPS compliant library with an abstraction layer added to facilitate the same APIs for crypto operations that are present between Trustlets and Secure Drivers. The SCrypto command implements three kinds of functions: hashing (MD function family), encryption/decryption (3DES, AES, RSA), and signing (RSA). For each type, there are two types of implementations: