Protect buffer in psa_export_public_key

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Ryan Everett 2024-01-08 17:19:30 +00:00
parent 45ac526592
commit b1d2c67ee0


@ -1714,7 +1714,7 @@ psa_status_t psa_export_public_key_internal(
} }
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
uint8_t *data, uint8_t *data_external,
size_t data_size, size_t data_size,
size_t *data_length) size_t *data_length)
{ {
@ -1722,6 +1722,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot; psa_key_slot_t *slot;
psa_key_attributes_t attributes; psa_key_attributes_t attributes;
LOCAL_OUTPUT_DECLARE(data_external, data);
/* Reject a zero-length output buffer now, since this can never be a /* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid * valid key representation. This way we know that data must be a valid
@ -1742,6 +1743,8 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
return status; return status;
} }
LOCAL_OUTPUT_ALLOC(data_external, data_size, data);
if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) { if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
goto exit; goto exit;
@ -1757,6 +1760,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
exit: exit:
unlock_status = psa_unlock_key_slot(slot); unlock_status = psa_unlock_key_slot(slot);
LOCAL_OUTPUT_FREE(data_external, data);
return (status == PSA_SUCCESS) ? unlock_status : status; return (status == PSA_SUCCESS) ? unlock_status : status;
} }
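Review bot: The retained comment above the zero-length check still says that `data` must be a valid pointer, but after this change `data` appears to be the local copy introduced by `LOCAL_OUTPUT_DECLARE(data_external, data)` and is not allocated until the later `LOCAL_OUTPUT_ALLOC` line. The guarantee that comment describes concerns the caller's buffer, so I would reword it to name `data_external`, e.g. `This way we know that data_external must be a valid`. A one-line comment at `LOCAL_OUTPUT_ALLOC(data_external, data_size, data);` should also say that it has to stay below the early `return status;`, since that return does not pass through `exit:` and would skip `LOCAL_OUTPUT_FREE`. The macro definitions and the middle of the function body are outside the visible hunks, so how an allocation or copy-back failure reaches `status` in the final return expression could not be checked here.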