From b5a20d3bc5ca7109528f84dc8be19bf159f3755f Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 15 Nov 2023 16:26:01 +0000
Subject: [PATCH 1/3] Fix error handling for secure element keys in `psa_start_key_creation`
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 969c695ac0..b13abf8f7f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1835,6 +1835,9 @@ static psa_status_t psa_start_key_creation(
 status = psa_copy_key_material_into_slot(
 slot, (uint8_t *) (&slot_number), sizeof(slot_number));
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
 }
 if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
From b1c3d6e07b9cc8c77ed4bc4c0bc0956c65e3f288 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 15 Nov 2023 16:36:54 +0000
Subject: [PATCH 2/3] Add changelog
Signed-off-by: Ryan Everett
---
 ChangeLog.d/fix-secure-element-key-creation.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
new file mode 100644
index 0000000000..12441ae83d
--- /dev/null
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the error handling in psa_start_key_creation so that
+ out of memory issues are properly handled. Fixes #8537.
From 97cc7f89beeab4b4e89da7eefb782b4246c92e8c Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 16 Nov 2023 15:21:08 +0000
Subject: [PATCH 3/3] Rewrite changelog
Signed-off-by: Ryan Everett
---
 ChangeLog.d/fix-secure-element-key-creation.txt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
index 12441ae83d..23a46c068d 100644
--- a/ChangeLog.d/fix-secure-element-key-creation.txt
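Review bot: The new `return status;` in the library/psa_crypto.c hunk of patch 1/3 leaves the function at a point where a secure-element slot number already exists, and nothing visible in the hunk says who releases that slot, or any other state set up earlier, on this failure path. `psa_start_key_creation` starts and ends outside the hunk, so the cleanup may well sit in the caller; if it does, a comment above the check would make the contract explicit, for example `/* Without the slot number the key can be neither used nor destroyed; the caller must clean up on failure. */`. The series also touches only psa_crypto.c and the changelog, so the low-memory path described in patch 3/3 stays unexercised. A test that forces this copy to fail during SE key creation and asserts that a non-success status is returned would pin the fix.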
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@@ -1,3 +1,5 @@
 Bugfix
- * Fix the error handling in psa_start_key_creation so that
- out of memory issues are properly handled. Fixes #8537.
+ * Fix error handling when creating a key in a dynamic secure element
+ (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+ the creation could return PSA_SUCCESS but using or destroying the key
+ would not work. Fixes #8537.