yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add missing key destruction calls in ssl_write_client_key_exchange

Browse source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2022-02-24 13:24:52 -05:00
parent 4579a972bf
commit a0237f86d3
2 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog.d/raw-agreement-destroy-missing.txt Normal file
View file

@ -0,0 +1,3 @@
Bugfix
* Add missing key slot destruction calls when a raw key agreement or
a public key export fails in ssl_write_client_key_exchange.

16
library/ssl_cli.c
View file

@ -3292,7 +3292,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
{ {
psa_status_t status; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t key_attributes; psa_key_attributes_t key_attributes;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@ -3336,7 +3337,11 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
own_pubkey, own_pubkey_max_len, own_pubkey, own_pubkey_max_len,
&own_pubkey_len ); &own_pubkey_len );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{
psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
ssl->out_msg[header_len] = (unsigned char) own_pubkey_len; ssl->out_msg[header_len] = (unsigned char) own_pubkey_len;
content_len = own_pubkey_len + 1; content_len = own_pubkey_len + 1;
@ -3351,13 +3356,12 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
ssl->handshake->premaster, ssl->handshake->premaster,
sizeof( ssl->handshake->premaster ), sizeof( ssl->handshake->premaster ),
&ssl->handshake->pmslen ); &ssl->handshake->pmslen );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
status = psa_destroy_key( handshake->ecdh_psa_privkey ); destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
} }
else else
#endif /* MBEDTLS_USE_PSA_CRYPTO && #endif /* MBEDTLS_USE_PSA_CRYPTO &&