yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 02:11:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

cipher: fixed key ownership scope

Browse source 
Indicate key ownership earlier, so that it gets destroyed on faulty policy setting.
This commit is contained in:
Andrzej Kurek 2019-01-14 05:01:28 -05:00
parent c750932f2c
commit 08dfceaba4
1 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
library/cipher.c
View file

@ -312,6 +312,15 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
/* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
/* From that point on, the responsibility for destroying the
* key slot is on mbedtls_cipher_free(). This includes the case
* where the policy setup or key import below fail, as
* mbedtls_cipher_free() needs to be called in any case. */
/* Setup policy for the new key slot. */
psa_key_policy_init( &key_policy );
@ -325,14 +334,6 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
status = psa_set_key_policy( cipher_psa->slot, &key_policy );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
/* Indicate that we own the key slot and need to
* destroy it in mbedtls_cipher_free(). */
cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
/* From that point on, the responsibility for destroying the
* key slot is on mbedtls_cipher_free(). This includes the case
* where the policy setup or key import below fail, as
* mbedtls_cipher_free() needs to be called in any case. */
/* Populate new key slot. */
status = psa_import_key( cipher_psa->slot,