TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 0736df33ac8c893c3e1f10d1c231754b803c3b95^! / . / library / psa_crypto.c
commit0736df33ac8c893c3e1f10d1c231754b803c3b95[log] [tgz]
authorThomas Daubney <thomas.daubney@arm.com>Wed Feb 21 12:28:20 2024 +0000
committerThomas Daubney <thomas.daubney@arm.com>Wed Feb 21 12:28:20 2024 +0000
tree12817a52c62316b61db16bf9747b779c0ab2cc17
parent26d1c43821c0a4d5cc3edbae15ae5f9848f06409 [diff] [blame]
Check for output allocation before randomising

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 994f9a9..964ae51 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -5298,6 +5298,7 @@
     size_t expected_length;
     LOCAL_INPUT_DECLARE(peer_key_external, peer_key);
     LOCAL_OUTPUT_DECLARE(output_external, output);
+    LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
 
     if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
@@ -5325,23 +5326,29 @@
     }
 
     LOCAL_INPUT_ALLOC(peer_key_external, peer_key_length, peer_key);
-    LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
     status = psa_key_agreement_raw_internal(alg, slot,
                                             peer_key, peer_key_length,
                                             output, output_size,
                                             output_length);
 
 exit:
-    if (status != PSA_SUCCESS && output != NULL) {
-        /* If an error happens and is not handled properly, the output
-         * may be used as a key to protect sensitive data. Arrange for such
-         * a key to be random, which is likely to result in decryption or
-         * verification errors. This is better than filling the buffer with
-         * some constant data such as zeros, which would result in the data
-         * being protected with a reproducible, easily knowable key.
-         */
-        psa_generate_random(output, output_size);
-        *output_length = output_size;
+    /* Check for successful allocation of output. */
+    if (output != NULL && status != PSA_ERROR_INSUFFICIENT_MEMORY) {
+        /* output allocated. */
+        if (status != PSA_SUCCESS) {
+            /* If an error happens and is not handled properly, the output
+             * may be used as a key to protect sensitive data. Arrange for such
+             * a key to be random, which is likely to result in decryption or
+             * verification errors. This is better than filling the buffer with
+             * some constant data such as zeros, which would result in the data
+             * being protected with a reproducible, easily knowable key.
+             */
+            psa_generate_random(output, output_size);
+            *output_length = output_size;
+        }
+    } else {
+        /* output allocation failed. */
+        *output_length = 0;
     }
 
     unlock_status = psa_unlock_key_slot(slot);