From ac5b32b8944485bfb1a517d09a6e77f4181effb9 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 15 Nov 2023 16:26:01 +0000
Subject: [PATCH 1/3] Fix error handling for secure element keys in `psa_start_key_creation`
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bbd6b24ed4..4beda81124 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1841,6 +1841,9 @@ static psa_status_t psa_start_key_creation(
 status = psa_copy_key_material_into_slot( slot, (uint8_t *) (&slot_number), sizeof(slot_number));
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
 } if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
From ca159a11024f898232a7a46e3bd7bfd688b73295 Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Wed, 15 Nov 2023 16:36:54 +0000
Subject: [PATCH 2/3] Add changelog
Signed-off-by: Ryan Everett
---
 ChangeLog.d/fix-secure-element-key-creation.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
new file mode 100644
index 0000000000..12441ae83d
--- /dev/null
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the error handling in psa_start_key_creation so that
+ out of memory issues are properly handled. Fixes #8537.
From 460f457ecbdc1cf001c8c892193e06dac58974bb Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 16 Nov 2023 15:21:08 +0000
Subject: [PATCH 3/3] Rewrite changelog
Signed-off-by: Ryan Everett
---
 ChangeLog.d/fix-secure-element-key-creation.txt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
index 12441ae83d..23a46c068d 100644
--- a/ChangeLog.d/fix-secure-element-key-creation.txt
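Review bot: The added `return status;` after `psa_copy_key_material_into_slot()` exits without releasing anything itself, and nothing visible in the hunk says who frees the key slot or rolls back secure-element state that may have been set up earlier in `psa_start_key_creation`. If the contract is that the caller runs its failure path on every non-success return, a one-line comment above the check would record that, e.g. `/* Nothing is unwound here; the caller's failure path releases the slot. */`. The function starts and ends outside the hunk, so the cleanup behaviour should be confirmed against the earlier error returns in the same block before wording the comment.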
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@@ -1,3 +1,5 @@
 Bugfix
- * Fix the error handling in psa_start_key_creation so that
- out of memory issues are properly handled. Fixes #8537.
+ * Fix error handling when creating a key in a dynamic secure element
+ (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+ the creation could return PSA_SUCCESS but using or destroying the key
+ would not work. Fixes #8537.