TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4304276539eb0457d38d36c2b131ccdec2d99f3a^! / . / library / psa_crypto.c
commit4304276539eb0457d38d36c2b131ccdec2d99f3a[log] [tgz]
authorThomas Daubney <thomas.daubney@arm.com>Thu Feb 15 12:57:26 2024 +0000
committerThomas Daubney <thomas.daubney@arm.com>Thu Feb 15 13:47:08 2024 +0000
tree84c14448d64a7a5b99e052f2fef6e37a896bc0f5
parenta9cc4cd1cb9b10cc08c6044fb4d292b86545d601 [diff] [blame]
Add buffer protection to psa_raw_key_agreement

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d30462b..1612192 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -5278,9 +5278,9 @@
 
 psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
                                    mbedtls_svc_key_id_t private_key,
-                                   const uint8_t *peer_key,
+                                   const uint8_t *peer_key_external,
                                    size_t peer_key_length,
-                                   uint8_t *output,
+                                   uint8_t *output_external,
                                    size_t output_size,
                                    size_t *output_length)
 {
@@ -5288,6 +5288,8 @@
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
     size_t expected_length;
+    LOCAL_INPUT_DECLARE(peer_key_external, peer_key);
+    LOCAL_OUTPUT_DECLARE(output_external, output);
 
     if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
@@ -5314,6 +5316,8 @@
         goto exit;
     }
 
+    LOCAL_INPUT_ALLOC(peer_key_external, peer_key_length, peer_key);
+    LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
     status = psa_key_agreement_raw_internal(alg, slot,
                                             peer_key, peer_key_length,
                                             output, output_size,
@@ -5334,6 +5338,8 @@
 
     unlock_status = psa_unlock_key_slot(slot);
 
+    LOCAL_INPUT_FREE(peer_key_external, peer_key);
+    LOCAL_OUTPUT_FREE(output_external, output);
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }