commit ce131bf5c5ce51d8f2400a3b23fb555745bd67d7
author Przemek Stekiel <przemyslaw.stekiel@mobica.com> Tue Feb 21 12:19:27 2023 +0100
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Wed Feb 22 11:30:32 2023 +0100
tree 29f1c026ed832f32748cb5f81b946aa53440d8ec
parent 80a884990311f1be27a05a052dde29489747a3b0

PAKE driver: fix password releasing

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

library/psa_crypto_pake.c

diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index a679811..929db59 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -254,11 +254,13 @@
     (void) operation;
     (void) inputs;
 #endif
-    { return PSA_ERROR_NOT_SUPPORTED; }
+    { status = PSA_ERROR_NOT_SUPPORTED; }
 
 error:
-    mbedtls_platform_zeroize(operation->password, operation->password_len);
-    mbedtls_free(operation->password);
+    /* When driver fails with PSA_ERROR_NOT_SUPPORTED the built-in implementation is executed (if available)
+       and it will reallocate the password leading to the memory leak.
+       Call abort explicitly to clean up allocated memory for password on failure. */
+    mbedtls_psa_pake_abort(operation);
     return status;
 }
 
@@ -518,13 +520,13 @@
 
 psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation)
 {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
+    mbedtls_platform_zeroize(operation->password, operation->password_len);
+    mbedtls_free(operation->password);
+    operation->password = NULL;
+    operation->password_len = 0;
 
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
     if (operation->alg == PSA_ALG_JPAKE) {
-        mbedtls_platform_zeroize(operation->password, operation->password_len);
-        mbedtls_free(operation->password);
-        operation->password = NULL;
-        operation->password_len = 0;
         operation->role = PSA_PAKE_ROLE_NONE;
         mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE);
         operation->buffer_length = 0;