mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-25 09:02:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Simplify LMS private key generation error handling

Browse Source 
Signed-off-by: Raef Coles <raef.coles@arm.com>
This commit is contained in:
Raef Coles 2022-10-07 13:27:54 +01:00
parent be3bdd8240
commit dc8fb79e09
No known key found for this signature in database
GPG Key ID: 1AAF1B43DF2086F4
1 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
library/lms.c
View File

@ -506,7 +506,10 @@ void mbedtls_lms_private_free( mbedtls_lms_private_t *ctx )
mbedtls_lmots_public_free( &ctx->ots_public_keys[idx] ); mbedtls_lmots_public_free( &ctx->ots_public_keys[idx] );
} }
if( ctx->ots_private_keys != NULL )
mbedtls_free( ctx->ots_private_keys ); mbedtls_free( ctx->ots_private_keys );
if( ctx->ots_public_keys != NULL )
mbedtls_free( ctx->ots_public_keys ); mbedtls_free( ctx->ots_public_keys );
} }
@ -522,7 +525,6 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
size_t seed_size ) size_t seed_size )
{ {
unsigned int idx = 0; unsigned int idx = 0;
unsigned int free_idx = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( type != MBEDTLS_LMS_SHA256_M32_H10 ) if( type != MBEDTLS_LMS_SHA256_M32_H10 )
@ -548,7 +550,7 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
MBEDTLS_LMOTS_I_KEY_ID_LEN ); MBEDTLS_LMOTS_I_KEY_ID_LEN );
ctx->ots_private_keys = mbedtls_calloc( ( size_t )MERKLE_TREE_LEAF_NODE_AM(ctx->params.type), ctx->ots_private_keys = mbedtls_calloc( ( size_t )MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
sizeof( mbedtls_lmots_private_t ) ); sizeof( *ctx->ots_private_keys ) );
if( ctx->ots_private_keys == NULL ) if( ctx->ots_private_keys == NULL )
{ {
ret = MBEDTLS_ERR_LMS_ALLOC_FAILED; ret = MBEDTLS_ERR_LMS_ALLOC_FAILED;
@ -556,13 +558,25 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
} }
ctx->ots_public_keys = mbedtls_calloc( ( size_t )MERKLE_TREE_LEAF_NODE_AM(ctx->params.type), ctx->ots_public_keys = mbedtls_calloc( ( size_t )MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
sizeof( mbedtls_lmots_public_t ) ); sizeof( *ctx->ots_public_keys ) );
if( ctx->ots_public_keys == NULL ) if( ctx->ots_public_keys == NULL )
{ {
/* Free just the ots private keys (since they've been allocated at this
* point) so that we can pass the context to lms_private_free (which
* will not try to free the private keys since have_private_key is not
* set.
*/
mbedtls_free(ctx->ots_private_keys);
ctx->ots_private_keys = NULL;
ret = MBEDTLS_ERR_LMS_ALLOC_FAILED; ret = MBEDTLS_ERR_LMS_ALLOC_FAILED;
goto exit; goto exit;
} }
/* Now that all the allocation has succeeded we set have_private_key, since
* that causes lms_private_free to free the ots keys.
*/
ctx->have_private_key = 1;
for( idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++ ) for( idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++ )
{ {
mbedtls_lmots_private_init( &ctx->ots_private_keys[idx] ); mbedtls_lmots_private_init( &ctx->ots_private_keys[idx] );
@ -586,23 +600,14 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
} }
ctx->q_next_usable_key = 0; ctx->q_next_usable_key = 0;
ctx->have_private_key = 1;
exit: exit:
if( ret != 0 ) if( ret != 0 )
{ {
for ( free_idx = 0; free_idx < idx; free_idx++ ) mbedtls_lms_private_free(ctx);
{
mbedtls_lmots_private_free( &ctx->ots_private_keys[free_idx] );
mbedtls_lmots_public_free( &ctx->ots_public_keys[free_idx] );
} }
mbedtls_free( ctx->ots_private_keys );
mbedtls_free( ctx->ots_public_keys );
return( ret ); return( ret );
}
return( 0 );
} }
int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx, int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,