author | David Hu <david.hu@arm.com> | 2021-06-03 15:37:46 +0800 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2021-06-07 11:09:19 +0200 |
commit | c8c616ef11bbe5960ada85a719b7a5b53e6aa42c (patch) | |
tree | 0d51ff02782b5db6aac91913ff81316e7a1c9c7c | |
parent | 2bedfcddb0df0bacaeb769d617708de12c61ea8c (diff) | |
download | trusted-firmware-m-c8c616ef11bbe5960ada85a719b7a5b53e6aa42c.tar.gz |
Crypto: Fix Mbed TLS key operation return code
The PSA Crypto API spec requires key operations to return the error code
PSA_ERROR_INVALID_HANDLE when the key doesn't exist.
However, according to [1], PSA key operation implementation in Mbed TLS
returns PSA_ERROR_DOES_NOT_EXIST instead.
TF-M currently works normally since TF-M specific key handle check will
return PSA_ERROR_INVALID_HANDLE for a non-existing key, without calling
Mbed TLS PSA key operation.
Apply the merged Mbed TLS fix to TF-M to prepare for enhancement of TF-M
key handle check.
[1]: https://github.com/ARMmbed/mbedtls/pull/4198
Change-Id: I79dda1c54dc8377afbfaefdf180bb81c7ff99f02
Signed-off-by: David Hu <david.hu@arm.com>
-rw-r--r-- | lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch b/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch
new file mode 100644
index 0000000000..6e127b9773
--- /dev/null
+++ b/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch
@@ -0,0 +1,64 @@
+From 374c93c43f8c299adcee91cfbc90a15037317d18 Mon Sep 17 00:00:00 2001
+From: Maulik Patel <Maulik.Patel@arm.com>
+Date: Mon, 15 Mar 2021 14:48:14 +0000
+Subject: [PATCH 3/3] Fix:4162 Return correct error type for invalid key
+
+Return PSA_ERROR_INVALID_HANDLE instead of
+PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
+operations.
+
+Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
+---
+ library/psa_crypto_slot_management.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
+index dcbee31aa..b7e3442fb 100644
+--- a/library/psa_crypto_slot_management.c
++++ b/library/psa_crypto_slot_management.c
+@@ -305,13 +305,15 @@ psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
+
+ status = psa_load_persistent_key_into_slot( *p_slot );
+ if( status != PSA_SUCCESS )
++ {
+ psa_wipe_key_slot( *p_slot );
+-
++ if( status == PSA_ERROR_DOES_NOT_EXIST )
++ status = PSA_ERROR_INVALID_HANDLE;
++ }
+ return( status );
+ #else
+- return( PSA_ERROR_DOES_NOT_EXIST );
++ return( PSA_ERROR_INVALID_HANDLE );
+ #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+-
+ }
+
+ psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
+@@ -399,6 +401,9 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
+ if( status != PSA_SUCCESS )
+ {
+ *handle = PSA_KEY_HANDLE_INIT;
++ if( status == PSA_ERROR_INVALID_HANDLE )
++ status = PSA_ERROR_DOES_NOT_EXIST;
++
+ return( status );
+ }
+
+@@ -423,8 +428,12 @@ psa_status_t psa_close_key( psa_key_handle_t handle )
+
+ status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
+ if( status != PSA_SUCCESS )
+- return( status );
++ {
++ if( status == PSA_ERROR_DOES_NOT_EXIST )
++ status = PSA_ERROR_INVALID_HANDLE;
+
++ return( status );
++ }
+ if( slot->lock_count <= 1 )
+ return( psa_wipe_key_slot( slot ) );
+ else
+--
+2.25.1
+ |
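Review bot: The three status remaps added to `psa_get_and_lock_key_slot()`, `psa_open_key()` and `psa_close_key()` carry no comment, and the one in `psa_open_key()` reverses the one in the lookup, so the code does not show why each direction is correct. In `psa_open_key()` every `PSA_ERROR_INVALID_HANDLE` from the lookup becomes `PSA_ERROR_DOES_NOT_EXIST`. If the lookup can also return `PSA_ERROR_INVALID_HANDLE` for reasons other than a missing key (not visible in these hunks), callers can no longer tell a malformed identifier from an absent key, so this is worth checking against the full function. I would add `/* psa_open_key() takes a key id, not a handle: a missing key is reported as DOES_NOT_EXIST */` above that remap and `/* PSA Crypto API: an unknown key is reported as INVALID_HANDLE */` at the other two. All three function bodies start or end outside the embedded hunks.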