From 0f84d6245b9b9940084ed75570b4e377d502501d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Sep 2019 19:03:13 +0200 Subject: [PATCH] Reject keys of size 0 Implement the prohibition on keys of size 0. --- library/psa_crypto.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a80f13de3..f0fbcdcde 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1826,6 +1826,12 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + /* Reject zero-length symmetric keys (including raw data key objects). + * This also rejects any key which might be encoded as an empty string, + * which is never valid. */ + if( data_length == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, handle, &slot, &driver ); if( status != PSA_SUCCESS ) @@ -4778,6 +4784,12 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + + /* Reject any attempt to create a zero-length key so that we don't + * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ + if( psa_get_key_bits( attributes ) == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes, handle, &slot, &driver ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -5512,6 +5524,11 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + /* Reject any attempt to create a zero-length key so that we don't + * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ + if( psa_get_key_bits( attributes ) == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes, handle, &slot, &driver ); if( status != PSA_SUCCESS )