Commit c6b9173

Merge pull request #10232 from itayzafrir/crypto-service-multipart-operation-abort-fix
PSA Crypto Service - multipart operation memory fixes
2 parents d9ad62e + 2b81588 commit c6b9173

2 files changed

+541
-448
lines changed

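--- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
+++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c
@@ -120,6 +120,10 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
 psa_algorithm_t alg,
 psa_sec_function_t func)
 {
+if (operation->handle != PSA_NULL_HANDLE) {
+return (PSA_ERROR_BAD_STATE);
+}
+
 psa_crypto_ipc_t psa_crypto_ipc = {
 .func = func,
 .handle = key_handle,
@@ -133,6 +137,9 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
 return (status);
 }
 status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -168,6 +175,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -240,6 +250,10 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
 psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
 psa_algorithm_t alg)
 {
+if (operation->handle != PSA_NULL_HANDLE) {
+return (PSA_ERROR_BAD_STATE);
+}
+
 psa_crypto_ipc_t psa_crypto_ipc = {
 .func = PSA_HASH_SETUP,
 .handle = 0,
@@ -253,6 +267,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
 return (status);
 }
 status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -272,6 +289,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -986,6 +1006,10 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
 size_t label_length,
 size_t capacity)
 {
+if (generator->handle != PSA_NULL_HANDLE) {
+return (PSA_ERROR_BAD_STATE);
+}
+
 psa_crypto_derivation_ipc_t psa_crypto_ipc = {
 .func = PSA_KEY_DERIVATION,
 .handle = key_handle,
@@ -1004,6 +1028,9 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
 return (status);
 }
 status = ipc_call(&generator->handle, in_vec, 3, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&generator->handle);
+}
 return (status);
 }
 
@@ -1013,6 +1040,10 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
 size_t peer_key_length,
 psa_algorithm_t alg)
 {
+if (generator->handle != PSA_NULL_HANDLE) {
+return (PSA_ERROR_BAD_STATE);
+}
+
 psa_crypto_derivation_ipc_t psa_crypto_ipc = {
 .func = PSA_KEY_AGREEMENT,
 .handle = private_key_handle,
@@ -1030,6 +1061,9 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
 return (status);
 }
 status = ipc_call(&generator->handle, in_vec, 2, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&generator->handle);
+}
 return (status);
 }
 
@@ -1055,12 +1089,17 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
 /****************************************************************/
 /* SYMMETRIC */
 /****************************************************************/
-psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
-psa_key_handle_t key_handle,
-psa_algorithm_t alg)
+static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
+psa_key_handle_t key_handle,
+psa_algorithm_t alg,
+psa_sec_function_t func)
 {
+if (operation->handle != PSA_NULL_HANDLE) {
+return (PSA_ERROR_BAD_STATE);
+}
+
 psa_crypto_ipc_t psa_crypto_ipc = {
-.func = PSA_CIPHER_ENCRYPT_SETUP,
+.func = func,
 .handle = key_handle,
 .alg = alg
 };
@@ -1072,26 +1111,25 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
 return (status);
 }
 status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
-psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
 psa_key_handle_t key_handle,
 psa_algorithm_t alg)
 {
-psa_crypto_ipc_t psa_crypto_ipc = {
-.func = PSA_CIPHER_DECRYPT_SETUP,
-.handle = key_handle,
-.alg = alg
-};
-
-psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
+psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_ENCRYPT_SETUP);
+return (status);
+}
 
-psa_status_t status = ipc_connect(PSA_SYMMETRIC_ID, &operation->handle);
-if (status != PSA_SUCCESS) {
-return (status);
-}
-status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
+psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+psa_key_handle_t key_handle,
+psa_algorithm_t alg)
+{
+psa_status_t status = psa_cipher_setup(operation, key_handle, alg, PSA_CIPHER_DECRYPT_SETUP);
 return (status);
 }
 
@@ -1114,6 +1152,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, out_vec, 2, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -1133,6 +1174,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 
@@ -1160,6 +1204,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
 };
 
 psa_status_t status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, false);
+if (status != PSA_SUCCESS) {
+ipc_close(&operation->handle);
+}
 return (status);
 }
 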
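Review bot: The failure-path `ipc_close(&operation->handle)` added after each `ipc_call` (new line 141 in psa_mac_setup, and the same three lines in the mac/hash/cipher update, set_iv, generate_iv and generator hunks) is only safe for a later `psa_*_abort` or re-setup if `ipc_close` resets the handle to `PSA_NULL_HANDLE` and is a no-op on an already-null handle; neither property is visible in this section. If it does not, a later abort would act on a stale handle and the new `PSA_ERROR_BAD_STATE` guard would reject every reuse of the object. I would state the contract where the guard is introduced, e.g. `/* handle != PSA_NULL_HANDLE means an operation is still active; ipc_close() resets it on every failure path */`, and document that callers must initialise the operation object before setup, since an uninitialised handle now yields BAD_STATE. The update functions begin outside their hunks, so whether they check for a null handle before `ipc_call` cannot be seen here.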
