TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 81899aba115f815410bcf943122abbfd21a7890d^! / .
commit81899aba115f815410bcf943122abbfd21a7890d[log] [tgz]
authorThomas Daubney <thomas.daubney@arm.com>Thu Feb 15 12:57:26 2024 +0000
committerThomas Daubney <thomas.daubney@arm.com>Thu Feb 15 12:57:26 2024 +0000
tree86c645e4db4bfe3d6eab0da1426c879e8a180b8b
parentb53912667027c0c7637ecac4d4758805ea2e1875 [diff]
Add buffer protection to psa_raw_key_agreement

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ca10c14..e3706b8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -7376,9 +7376,9 @@
 
 psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
                                    mbedtls_svc_key_id_t private_key,
-                                   const uint8_t *peer_key,
+                                   const uint8_t *peer_key_external,
                                    size_t peer_key_length,
-                                   uint8_t *output,
+                                   uint8_t *output_external,
                                    size_t output_size,
                                    size_t *output_length)
 {
@@ -7386,6 +7386,8 @@
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
     size_t expected_length;
+    LOCAL_INPUT_DECLARE(peer_key_external, peer_key);
+    LOCAL_OUTPUT_DECLARE(output_external, output);
 
     if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
@@ -7412,6 +7414,8 @@
         goto exit;
     }
 
+    LOCAL_INPUT_ALLOC(peer_key_external, peer_key_length, peer_key);
+    LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
     status = psa_key_agreement_raw_internal(alg, slot,
                                             peer_key, peer_key_length,
                                             output, output_size,
@@ -7432,6 +7436,8 @@
 
     unlock_status = psa_unregister_read(slot);
 
+    LOCAL_INPUT_FREE(peer_key_external, peer_key);
+    LOCAL_OUTPUT_FREE(output_external, output);
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }