diff options
author | Ryan Everett <ryan.everett@arm.com> | 2024-04-29 18:24:58 +0100 |
---|---|---|
committer | Ryan Everett <ryan.everett@arm.com> | 2024-04-29 18:24:58 +0100 |
commit | dd90507dc679284d1c99f3e18bafeb51e539e221 (patch) | |
tree | c934f75a71d0c6ec77c007553d59aa6936e8279f /library | |
parent | 024d3daa7d367e58aaab6a5b06e42aa440e3fa37 (diff) | |
download | mbedtls-dd90507dc679284d1c99f3e18bafeb51e539e221.zip mbedtls-dd90507dc679284d1c99f3e18bafeb51e539e221.tar.gz mbedtls-dd90507dc679284d1c99f3e18bafeb51e539e221.tar.bz2 |
Fix potential non-NULL slot return on failure
If psa_get_and_lock_key_slot fails, the slot must be wiped.
This fixes a bug where a pointer to some valid key slot can
be incorrectly returned
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Diffstat (limited to 'library')
-rw-r--r-- | library/psa_crypto_slot_management.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index b184ed0..fbcb26e 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -440,6 +440,9 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, status = PSA_ERROR_INVALID_HANDLE; #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ + if (status != PSA_SUCCESS) { + *p_slot = NULL; + } #if defined(MBEDTLS_THREADING_C) PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( &mbedtls_threading_key_slot_mutex)); |