Reject keys of size 0
Implement the prohibition on keys of size 0.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a80f13d..f0fbcdc 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1826,6 +1826,12 @@
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ /* Reject zero-length symmetric keys (including raw data key objects).
+ * This also rejects any key which might be encoded as an empty string,
+ * which is never valid. */
+ if( data_length == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
handle, &slot, &driver );
if( status != PSA_SUCCESS )
@@ -4778,6 +4784,12 @@
psa_status_t status;
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+
+ /* Reject any attempt to create a zero-length key so that we don't
+ * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
+ if( psa_get_key_bits( attributes ) == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE,
attributes, handle, &slot, &driver );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -5512,6 +5524,11 @@
psa_key_slot_t *slot = NULL;
psa_se_drv_table_entry_t *driver = NULL;
+ /* Reject any attempt to create a zero-length key so that we don't
+ * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
+ if( psa_get_key_bits( attributes ) == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE,
attributes, handle, &slot, &driver );
if( status != PSA_SUCCESS )