Improve FREE_LOCAL_INPUT() and FREE_LOCAL_OUTPUT()

* Set swapped pointers to NULL when the buffers are freed.
* Change example name <buffer> to <input> and <output> to reduce
  confusion.
* Document assumptions of FREE_LOCAL_ macros.
* Add comment on error case in FREE_LOCAL_OUTPUT(), explaining why it's
  okay to mask the existing status code.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann 2023-12-08 14:08:18 +00:00
parent b7a5b6ed35
commit 3e72db4f51


@ -115,7 +115,7 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
* Assumptions:
* - psa_status_t status exists
* - An exit label is declared
* - The name <buffer>_copy is not used for the given value of <buffer>
* - The name <input>_copy is not used for the given value of <input>
*/
#define SWAP_FOR_LOCAL_INPUT(input, length) \
psa_crypto_local_input_t input ## _copy = PSA_CRYPTO_LOCAL_INPUT_INIT; \
@ -125,14 +125,23 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
} \
input = input ## _copy.buffer;
/* Free the substituted input buffer copy created by SWAP_FOR_LOCAL_INPUT().
* Note that this does not restore the pointer to the original buffer.
* Assumptions:
* - psa_crypto_local_input_t <input>_copy exists, for the given value of
* <input>
* - <input>_copy was previously allocated by psa_crypto_local_input_alloc()
* - <input> points to <input>_copy.buffer
*/
#define FREE_LOCAL_INPUT(input) \
input = NULL; \
psa_crypto_local_input_free(&input ## _copy);
/* Substitute an output buffer for a local copy of itself.
* Assumptions:
* - psa_status_t status exists
* - An exit label is declared
* - The name <buffer>_copy is not used for the given value of <buffer>
* - The name <output>_copy is not used for the given value of <output>
*/
#define SWAP_FOR_LOCAL_OUTPUT(output, length) \
psa_crypto_local_output_t output ## _copy = PSA_CRYPTO_LOCAL_OUTPUT_INIT; \
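Review bot: FREE_LOCAL_INPUT expands to two bare statements (`input = NULL;` followed by the free call), so an expansion that is not itself inside braces — an unbraced `if`, for example — would only null the pointer and leak the copy, and the new Assumptions list does not state this. Either wrap the body as `{ input = NULL; psa_crypto_local_input_free(&input ## _copy); }`, which keeps existing `FREE_LOCAL_INPUT(x);` call sites valid, or add the line `* - The macro is expanded where a compound statement is expected` to the assumptions. The project's brace-everything style presumably makes today's call sites safe, but the macro should not depend on that silently.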
@ -142,10 +151,24 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
} \
output = output ## _copy.buffer;
/* Free the substituted output buffer copy created by SWAP_FOR_LOCAL_OUTPUT()
* after first copying back its contents to the original buffer.
* Note that this does not restore the pointer to the original buffer.
* Assumptions:
* - psa_crypto_local_output_t <output>_copy exists, for the given value of
* <output>
* - <output>_copy was previously allocated by psa_crypto_local_output_alloc()
* - <output> points to <output>_copy.buffer
* - psa_status_t status exists
*/
#define FREE_LOCAL_OUTPUT(output) \
output = NULL; \
psa_status_t local_output_free_status; \
local_output_free_status = psa_crypto_local_output_free(&output ## _copy); \
if (local_output_free_status != PSA_SUCCESS) { \
/* Since this error case is an internal error, it's more serious than \
* any existing error code and so it's fine to overwrite the existing \
* status. */ \
status = local_output_free_status; \
}
#else /* MBEDTLS_PSA_COPY_CALLER_BUFFERS */
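Review bot: FREE_LOCAL_OUTPUT declares `psa_status_t local_output_free_status;` directly in the caller's scope, so a function that expands the macro twice in the same block (two output buffers) fails to compile with a redeclaration error, and the new Assumptions comment does not say that this name must be unused. Enclosing the expansion in a block scopes the temporary to the macro and also removes the unbraced multi-statement expansion, while `FREE_LOCAL_OUTPUT(x);` call sites stay valid because a `{ ... }` followed by `;` is still a statement. Whether any current caller needs two outputs I cannot tell from this hunk; the macro should still be self-contained, as the commit's own Assumptions list intends.
```c
#define FREE_LOCAL_OUTPUT(output) \
    { \
        output = NULL; \
        psa_status_t local_output_free_status = \
            psa_crypto_local_output_free(&output ## _copy); \
        if (local_output_free_status != PSA_SUCCESS) { \
            /* … unchanged: comment on why overwriting status is acceptable … */ \
            status = local_output_free_status; \
        } \
    }
```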