mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

psa: export: Check output buffer size earlier

Browse Source 
Check output buffer size before doing anything
that requires a clean-up if a failure happens.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-01-18 13:22:38 +01:00
parent 9cfdf6ebe7
commit e907e55f39
1 changed files with 12 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
library/psa_crypto.c
View File

@ -1217,6 +1217,12 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot; psa_key_slot_t *slot;
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
if( data_size == 0 )
return( PSA_ERROR_BUFFER_TOO_SMALL );
/* Set the key to empty now, so that even when there are errors, we always /* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting * set data_length to a value between 0 and data_size. On error, setting
* the key to empty is a good choice because an empty key representation is * the key to empty is a good choice because an empty key representation is
@ -1232,15 +1238,6 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
if( data_size == 0 )
{
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
psa_key_attributes_t attributes = { psa_key_attributes_t attributes = {
.core = slot->attr .core = slot->attr
}; };
@ -1248,7 +1245,6 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
slot->key.data, slot->key.bytes, slot->key.data, slot->key.bytes,
data, data_size, data_length ); data, data_size, data_length );
exit:
unlock_status = psa_unlock_key_slot( slot ); unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status ); return( ( status == PSA_SUCCESS ) ? unlock_status : status );
@ -1325,6 +1321,12 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot; psa_key_slot_t *slot;
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
if( data_size == 0 )
return( PSA_ERROR_BUFFER_TOO_SMALL );
/* Set the key to empty now, so that even when there are errors, we always /* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting * set data_length to a value between 0 and data_size. On error, setting
* the key to empty is a good choice because an empty key representation is * the key to empty is a good choice because an empty key representation is
@ -1342,15 +1344,6 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
/* Reject a zero-length output buffer now, since this can never be a
* valid key representation. This way we know that data must be a valid
* pointer and we can do things like memset(data, ..., data_size). */
if( data_size == 0 )
{
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
psa_key_attributes_t attributes = { psa_key_attributes_t attributes = {
.core = slot->attr .core = slot->attr
}; };