commit 2f69b1a059a32deef1aa2886d290262a91656aa7
author Andrzej Kurek <andrzej.kurek@arm.com> Thu Nov 08 04:33:06 2018 -0500
committer Andrzej Kurek <andrzej.kurek@arm.com> Thu Nov 22 13:37:14 2018 -0500
tree f46ed46aa543e7e10de14f0b15a33387e1365c0d
parent c097b0fdedd82e5a9369fa418c3c785bd81250b9

pk_wrap: destroy key slot on errors with policy or key importing

library/pk_wrap.c

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 2e22ec9..469dc25 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -591,7 +591,7 @@
 
     // Check if both parts are of the same size
     if( len_partial != len_signature )
-    	return( MBEDTLS_ERR_X509_INVALID_SIGNATURE );
+        return( MBEDTLS_ERR_X509_INVALID_SIGNATURE );
 
     memcpy( sig->p + len_partial, *p, len_partial );
     len_signature += len_partial;
@@ -696,15 +696,16 @@
     key_len = mbedtls_pk_write_pubkey_der( &key, buf, buf_len );
     if( key_len <= 0 )
     {
-        ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
-        goto cleanup;
+        mbedtls_free( signature.p );
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
     }
 
     if( mbedtls_psa_get_free_key_slot( &key_slot ) != PSA_SUCCESS )
     {
-        ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-        goto cleanup;
+        mbedtls_free( signature.p );
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
     }
+
     psa_key_policy_init( &policy );
     psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, psa_sig_md );
     if( psa_set_key_policy( key_slot, &policy ) != PSA_SUCCESS )
@@ -725,14 +726,13 @@
                                signature.p, signature.len )
          != PSA_SUCCESS )
     {
-         psa_destroy_key( key_slot );
          ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
          goto cleanup;
     }
     ret = 0;
-    psa_destroy_key( key_slot );
 
     cleanup:
+    psa_destroy_key( key_slot );
     mbedtls_free( signature.p );
     return( ret );
 }