TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3e72db4f514769b9c73f409a9d06e54a39a8fb72^! / .
commit3e72db4f514769b9c73f409a9d06e54a39a8fb72[log] [tgz]
authorDavid Horstmann <david.horstmann@arm.com>Fri Dec 08 14:08:18 2023 +0000
committerDavid Horstmann <david.horstmann@arm.com>Mon Dec 11 17:58:56 2023 +0000
tree3d6880ba27f464305317f76b486eb52aa75a8cf9
parentb7a5b6ed35d9a6455e10be02a70c85d881661461 [diff]
Improve FREE_LOCAL_INPUT() and FREE_LOCAL_OUTPUT()

* Set swapped pointers to NULL when the buffers are freed.
* Change example name <buffer> to <input> and <output> to reduce
  confusion.
* Document assumptions of FREE_LOCAL_ macros.
* Add comment on error case in FREE_LOCAL_OUTPUT(), explaining why it's
  okay to mask the existing status code.

Signed-off-by: David Horstmann <david.horstmann@arm.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b9583f7..575c08c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -115,7 +115,7 @@
  * Assumptions:
  * - psa_status_t status exists
  * - An exit label is declared
- * - The name <buffer>_copy is not used for the given value of <buffer>
+ * - The name <input>_copy is not used for the given value of <input>
  */
 #define SWAP_FOR_LOCAL_INPUT(input, length) \
     psa_crypto_local_input_t input ## _copy = PSA_CRYPTO_LOCAL_INPUT_INIT; \
@@ -125,14 +125,23 @@
     } \
     input = input ## _copy.buffer;
 
+/* Free the substituted input buffer copy created by SWAP_FOR_LOCAL_INPUT().
+ * Note that this does not restore the pointer to the original buffer.
+ * Assumptions:
+ * - psa_crypto_local_input_t <input>_copy exists, for the given value of
+ *   <input>
+ * - <input>_copy was previously allocated by psa_crypto_local_input_alloc()
+ * - <input> points to <input>_copy.buffer
+ */
 #define FREE_LOCAL_INPUT(input) \
+    input = NULL; \
     psa_crypto_local_input_free(&input ## _copy);
 
 /* Substitute an output buffer for a local copy of itself.
  * Assumptions:
  * - psa_status_t status exists
  * - An exit label is declared
- * - The name <buffer>_copy is not used for the given value of <buffer>
+ * - The name <output>_copy is not used for the given value of <output>
  */
 #define SWAP_FOR_LOCAL_OUTPUT(output, length) \
     psa_crypto_local_output_t output ## _copy = PSA_CRYPTO_LOCAL_OUTPUT_INIT; \
@@ -142,10 +151,24 @@
     } \
     output = output ## _copy.buffer;
 
+/* Free the substituted output buffer copy created by SWAP_FOR_LOCAL_OUTPUT()
+ * after first copying back its contents to the original buffer.
+ * Note that this does not restore the pointer to the original buffer.
+ * Assumptions:
+ * - psa_crypto_local_output_t <output>_copy exists, for the given value of
+ *   <output>
+ * - <output>_copy was previously allocated by psa_crypto_local_output_alloc()
+ * - <output> points to <output>_copy.buffer
+ * - psa_status_t status exists
+ */
 #define FREE_LOCAL_OUTPUT(output) \
+    output = NULL; \
     psa_status_t local_output_free_status; \
     local_output_free_status = psa_crypto_local_output_free(&output ## _copy); \
     if (local_output_free_status != PSA_SUCCESS) { \
+        /* Since this error case is an internal error, it's more serious than \
+         * any existing error code and so it's fine to overwrite the existing \
+         * status. */ \
         status = local_output_free_status; \
     }
 #else /* MBEDTLS_PSA_COPY_CALLER_BUFFERS */