mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 21:15:41 +01:00
Add missing key destruction calls in ssl_write_client_key_exchange
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
parent
4e921870b1
commit
4b1216b003
3
ChangeLog.d/raw-agreement-destroy-missing.txt
Normal file
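--- /dev/null
+++ b/ChangeLog.d/raw-agreement-destroy-missing.txt
@@ -0,0 +1,3 @@
+Bugfix
+* Add missing key slot destruction calls when a raw key agreement or
+a public key export fails in ssl_write_client_key_exchange.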
@ -3722,7 +3722,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||||
{
|
{
|
||||||
psa_status_t status;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_attributes_t key_attributes;
|
psa_key_attributes_t key_attributes;
|
||||||
|
|
||||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||||
@ -3765,13 +3766,19 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
own_pubkey, sizeof( own_pubkey ),
|
own_pubkey, sizeof( own_pubkey ),
|
||||||
&own_pubkey_len );
|
&own_pubkey_len );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||||
|
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
|
if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
|
||||||
own_pubkey_len,
|
own_pubkey_len,
|
||||||
&own_pubkey_ecpoint,
|
&own_pubkey_ecpoint,
|
||||||
&own_pubkey_ecpoint_len ) != 0 )
|
&own_pubkey_ecpoint_len ) != 0 )
|
||||||
{
|
{
|
||||||
|
psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||||
|
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3791,13 +3798,12 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
sizeof( ssl->handshake->premaster ),
|
sizeof( ssl->handshake->premaster ),
|
||||||
&ssl->handshake->pmslen );
|
&ssl->handshake->pmslen );
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
|
||||||
|
|
||||||
status = psa_destroy_key( handshake->ecdh_psa_privkey );
|
destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
|
||||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
|
if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
|
||||||
|
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
|
||||||
|
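Review bot: In the last hunk `handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;` now runs before `destruction_status` is checked, so when psa_destroy_key() fails the key identifier is forgotten and nothing later can retry destroying the ephemeral ECDH private key; the code this replaces returned before clearing the handle. If the handshake teardown also destroys this key (not visible in these hunks), clearing the handle only on success keeps that fallback: `if( destruction_status == PSA_SUCCESS ) handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;`. The two error paths added after the public-key export and the ECPoint conversion clear the handle the same way and also discard the return value of psa_destroy_key(), which deserves at least a debug message so a slot that could not be released is visible in logs. ssl_write_client_key_exchange starts and ends outside these hunks.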