PSA Crypto Service - multipart operation memory fixes

[itayzafrir]

Description

Prevent potential memory leaks on the SPM side and also free dynamically allocated memory as soon as possible.

Summary of changes in this PR:

1. Make the service behavior consistent with the library - e.g. in the library if psa_hash_update fails then the operation is aborted and the caller doesn't have to call psa_hash_abort (as abort is called by the library). The service behavior was not consistent with the library and could lead to memory leaks on the server side.
2. Free dynamically allocated memory on the SPM side as soon as possible - whenever possible, don't rely on a call to psa_close to free dynamically allocated contexts but free them ASAP.
3. Don't allow various (client) setup operations (such as psa_hash_setup) if the context is active (part of an active session), this could lead to memory leaks on the SPM side.
4. Don't allocate zero sized buffers, pass the input/output buffers to the library as is and let the library decide how to handle them.
5. Rename internal function destroy_hash_clone to clear_hash_clone.

Pull request type

[x] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@avolinski @NirSonnenschein

Release Notes

[ciarmcom]

@itayzafrir, thank you for your changes.
@avolinski @NirSonnenschein @ARMmbed/mbed-os-maintainers please review.

[alekshex]

ipc_call is a wrapper by itself.
i suggest for the same idea of code being clear and refactoring.
to put the
if (status != PSA_SUCCESS) {
ipc_close(&operation->handle);

inside ipc_call in case of failure.
with only one important note, if and only if we always want to close connections on call failure

[itayzafrir]

This is not always true, e.g. generators functions like psa_get_generator_capacity etc. don't close in case of error, so leaving it as is.

[alekshex]

why they don't close?
maybe we want to consider having a flag passed whether to close or not.
and still hide the close inside? there are too many of the same "close"

[itayzafrir]

I don't think having another flag makes much of a difference regarding code size or readability, if you think it's important I'll make another change.

[alekshex]

is it ok to free handle (mbedtls_free) for both scenarios:
sign setup fails
handle is not permitted?

[itayzafrir]

yes it is, the operation failed for whatever reason and the context is discarded.

[alekshex]

won't it cause recursion?
calling psa_mac_abort will call psa_mac_abort which will call this function with case of abort, which calls psa_mac_abort in case of abort

[itayzafrir]

No, this is service code calling library code, the library never calls the service.

[alekshex]

this block returns dozens of times.
please wrap in in static cleanup named function.
i would also suggest considering instead of repeating it multiple times through various cases. considering some bailout flag and logic and doing cleanup related to this flag once before return or so.
code becomes now a bit spaghetti like and is being a bit blown in size

[itayzafrir]

I'll provide a static cleanup function. I don't like the error flag approach in this case because it will add even more complexity to these nested switch cases. We'll refactor the partition also once we get a chance.

[itayzafrir]

@NirSonnenschein @avolinski I've added some more commits addressing the issues you raised, please re-review.

[NirSonnenschein]

changes look good to me

[cmonr]

@avolinski Thoughts?

[0xc0170]

CI started

[mbed-ci]

Test run: FAILED

Summary: 6 of 7 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_mbed2-build-GCC_ARM
• jenkins-ci/mbed-os-ci_mbed2-build-IAR
• jenkins-ci/mbed-os-ci_mbed2-build-ARM
• jenkins-ci/mbed-os-ci_build-ARM
• jenkins-ci/mbed-os-ci_build-IAR
• jenkins-ci/mbed-os-ci_build-GCC_ARM

[alekla01]

Restarted jenkins-ci

[mbed-ci]

Test run: FAILED

Summary: 1 of 11 test jobs failed
Build number : 3
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_exporter

[0xc0170]

License server error, restarting exporters