Add buffer protection to psa_key_derivation_key_agreement
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1612192..d1973a5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5243,12 +5243,13 @@
psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
mbedtls_svc_key_id_t private_key,
- const uint8_t *peer_key,
+ const uint8_t *peer_key_external,
size_t peer_key_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ LOCAL_INPUT_DECLARE(peer_key_external, peer_key);
if (!PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -5258,9 +5259,13 @@
if (status != PSA_SUCCESS) {
return status;
}
+
+ LOCAL_INPUT_ALLOC(peer_key_external, peer_key_length, peer_key)
status = psa_key_agreement_internal(operation, step,
slot,
peer_key, peer_key_length);
+
+exit:
if (status != PSA_SUCCESS) {
psa_key_derivation_abort(operation);
} else {
@@ -5273,6 +5278,7 @@
unlock_status = psa_unlock_key_slot(slot);
+ LOCAL_INPUT_FREE(peer_key_external, peer_key);
return (status == PSA_SUCCESS) ? unlock_status : status;
}