Cleanup
* No null-check before calling free * Close memory leak * No need for double check of privkey validity Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
parent
a2371e53e4
commit
6d839f05bf
1 changed files with 18 additions and 21 deletions
|
@ -691,8 +691,7 @@ static psa_status_t psa_import_rsa_key( psa_key_slot_t *slot,
|
||||||
exit:
|
exit:
|
||||||
/* Always free the RSA object */
|
/* Always free the RSA object */
|
||||||
mbedtls_rsa_free( rsa );
|
mbedtls_rsa_free( rsa );
|
||||||
if( rsa != NULL )
|
mbedtls_free( rsa );
|
||||||
mbedtls_free( rsa );
|
|
||||||
|
|
||||||
/* Free the allocated buffer only on error. */
|
/* Free the allocated buffer only on error. */
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
@ -726,10 +725,7 @@ static psa_status_t psa_load_ecp_representation( const psa_key_slot_t *slot,
|
||||||
mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
|
mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
|
||||||
size_t data_length = slot->data.key.bytes;
|
size_t data_length = slot->data.key.bytes;
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
mbedtls_ecp_keypair *ecp = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
|
mbedtls_ecp_keypair *ecp = NULL;
|
||||||
|
|
||||||
if( ecp == NULL )
|
|
||||||
return PSA_ERROR_INSUFFICIENT_MEMORY;
|
|
||||||
|
|
||||||
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
|
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
|
||||||
{
|
{
|
||||||
|
@ -744,19 +740,27 @@ static psa_status_t psa_load_ecp_representation( const psa_key_slot_t *slot,
|
||||||
data_length = slot->data.key.bytes / 2;
|
data_length = slot->data.key.bytes / 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Allocate and initialize a key representation. */
|
||||||
|
ecp = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
|
||||||
|
if( ecp == NULL )
|
||||||
|
return PSA_ERROR_INSUFFICIENT_MEMORY;
|
||||||
mbedtls_ecp_keypair_init( ecp );
|
mbedtls_ecp_keypair_init( ecp );
|
||||||
|
|
||||||
/* Load the group. */
|
/* Load the group. */
|
||||||
grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type),
|
grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ),
|
||||||
data_length );
|
data_length );
|
||||||
if( grp_id == MBEDTLS_ECP_DP_NONE )
|
if( grp_id == MBEDTLS_ECP_DP_NONE )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
{
|
||||||
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
status = mbedtls_to_psa_error(
|
status = mbedtls_to_psa_error(
|
||||||
mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
|
mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
goto exit;
|
||||||
|
|
||||||
/* Load the key material */
|
/* Load the key material. */
|
||||||
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
|
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
|
||||||
{
|
{
|
||||||
/* Load the public value. */
|
/* Load the public value. */
|
||||||
|
@ -775,7 +779,7 @@ static psa_status_t psa_load_ecp_representation( const psa_key_slot_t *slot,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Load the secret value. */
|
/* Load and validate the secret value. */
|
||||||
status = mbedtls_to_psa_error(
|
status = mbedtls_to_psa_error(
|
||||||
mbedtls_ecp_read_key( ecp->grp.id,
|
mbedtls_ecp_read_key( ecp->grp.id,
|
||||||
ecp,
|
ecp,
|
||||||
|
@ -784,11 +788,6 @@ static psa_status_t psa_load_ecp_representation( const psa_key_slot_t *slot,
|
||||||
|
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
/* Validate the private key. */
|
|
||||||
status = mbedtls_to_psa_error(
|
|
||||||
mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
*p_ecp = ecp;
|
*p_ecp = ecp;
|
||||||
|
@ -892,8 +891,7 @@ static psa_status_t psa_import_ecp_key( psa_key_slot_t *slot,
|
||||||
exit:
|
exit:
|
||||||
/* Always free the PK object (will also free contained ECP context) */
|
/* Always free the PK object (will also free contained ECP context) */
|
||||||
mbedtls_ecp_keypair_free( ecp );
|
mbedtls_ecp_keypair_free( ecp );
|
||||||
if( ecp != NULL )
|
mbedtls_free( ecp );
|
||||||
mbedtls_free( ecp );
|
|
||||||
|
|
||||||
/* Free the allocated buffer only on error. */
|
/* Free the allocated buffer only on error. */
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
@ -2003,12 +2001,12 @@ static psa_status_t psa_validate_optional_attributes(
|
||||||
{
|
{
|
||||||
mbedtls_rsa_context *rsa = NULL;
|
mbedtls_rsa_context *rsa = NULL;
|
||||||
mbedtls_mpi actual, required;
|
mbedtls_mpi actual, required;
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
psa_status_t status = psa_load_rsa_representation( slot, &rsa );
|
psa_status_t status = psa_load_rsa_representation( slot, &rsa );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return status;
|
return status;
|
||||||
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
mbedtls_mpi_init( &actual );
|
mbedtls_mpi_init( &actual );
|
||||||
mbedtls_mpi_init( &required );
|
mbedtls_mpi_init( &required );
|
||||||
ret = mbedtls_rsa_export( rsa,
|
ret = mbedtls_rsa_export( rsa,
|
||||||
|
@ -5592,8 +5590,7 @@ exit:
|
||||||
mbedtls_platform_zeroize( shared_secret, shared_secret_size );
|
mbedtls_platform_zeroize( shared_secret, shared_secret_size );
|
||||||
mbedtls_ecdh_free( &ecdh );
|
mbedtls_ecdh_free( &ecdh );
|
||||||
mbedtls_ecp_keypair_free( their_key );
|
mbedtls_ecp_keypair_free( their_key );
|
||||||
if( their_key != NULL)
|
mbedtls_free( their_key );
|
||||||
mbedtls_free( their_key );
|
|
||||||
|
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue