From ecb221b1ffc120cb7920f316deefac3a10c08fa4 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 8 Sep 2022 11:21:07 +0200 Subject: [PATCH] Move operation buffer in operation struct and remove dynamic allocation Signed-off-by: Neil Armstrong --- include/psa/crypto_extra.h | 5 +++-- library/psa_crypto_pake.c | 19 ++++--------------- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index e625f0d982..3330bf63ea 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1829,7 +1829,7 @@ psa_status_t psa_pake_abort( psa_pake_operation_t * operation ); */ #if defined(MBEDTLS_PSA_BUILTIN_PAKE) #define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, 0, 0, \ - MBEDTLS_SVC_KEY_ID_INIT, 0, NULL, 0, 0, \ + MBEDTLS_SVC_KEY_ID_INIT, 0, {0}, 0, 0, \ {.dummy = 0}} #else #define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, {0}} @@ -1905,6 +1905,7 @@ static inline void psa_pake_cs_set_hash( psa_pake_cipher_suite_t *cipher_suite, #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #include +#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 ) #endif struct psa_pake_operation_s @@ -1917,7 +1918,7 @@ struct psa_pake_operation_s unsigned int MBEDTLS_PRIVATE(output_step); mbedtls_svc_key_id_t MBEDTLS_PRIVATE(password); psa_pake_role_t MBEDTLS_PRIVATE(role); - uint8_t *MBEDTLS_PRIVATE(buffer); + uint8_t MBEDTLS_PRIVATE(buffer[PSA_PAKE_BUFFER_SIZE]); size_t MBEDTLS_PRIVATE(buffer_length); size_t MBEDTLS_PRIVATE(buffer_offset); #endif diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index f7be68786d..1fd91290e6 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -33,10 +33,6 @@ #include #include -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) -#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 ) -#endif - /* * State sequence: * @@ -234,7 +230,7 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, operation->input_step = PSA_PAKE_STEP_X1_X2; operation->output_step = PSA_PAKE_STEP_X1_X2; - operation->buffer = NULL; + mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE ); operation->buffer_length = 0; operation->buffer_offset = 0; @@ -383,10 +379,6 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation ) if( ret != 0 ) return( mbedtls_ecjpake_to_psa_error( ret ) ); - operation->buffer = mbedtls_calloc( 1, PSA_PAKE_BUFFER_SIZE ); - if( operation->buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - operation->state = PSA_PAKE_STATE_READY; return( PSA_SUCCESS ); @@ -428,8 +420,7 @@ psa_status_t psa_pake_output( psa_pake_operation_t *operation, } if( operation->state >= PSA_PAKE_STATE_READY && - ( mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 || - operation->buffer == NULL ) ) + mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -612,8 +603,7 @@ psa_status_t psa_pake_input( psa_pake_operation_t *operation, } if( operation->state >= PSA_PAKE_STATE_READY && - ( mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 || - operation->buffer == NULL ) ) + mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -794,8 +784,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation) operation->output_step = 0; operation->password = MBEDTLS_SVC_KEY_ID_INIT; operation->role = 0; - mbedtls_free( operation->buffer ); - operation->buffer = NULL; + mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE ); operation->buffer_length = 0; operation->buffer_offset = 0; mbedtls_ecjpake_free( &operation->ctx.ecjpake );