mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-10 15:40:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix potential non-NULL slot return on failure

Browse Source 
If psa_get_and_lock_key_slot fails, the slot must be wiped.
This fixes a bug where a pointer to some valid key slot can
be incorrectly returned

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
Ryan Everett 2024-04-29 18:24:58 +01:00
parent 3dbb502098
commit d4ea40de44
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/psa_crypto_slot_management.c
View File

@ -440,6 +440,9 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
status = PSA_ERROR_INVALID_HANDLE; status = PSA_ERROR_INVALID_HANDLE;
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
if (status != PSA_SUCCESS) {
*p_slot = NULL;
}
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
&mbedtls_threading_key_slot_mutex)); &mbedtls_threading_key_slot_mutex));