From 8593bca7f8bc37ef4ceada556fe4fd1e48ce1f59 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 11 Feb 2019 11:45:58 +0000 Subject: [PATCH 1/2] Allow NULL buffers in psa_copy_key_material when the key size is zero --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d9d48708c..086403109 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1227,7 +1227,7 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->type, psa_get_key_bits( source ) ); buffer = mbedtls_calloc( 1, buffer_size ); - if( buffer == NULL ) + if( buffer == NULL && buffer_size != 0 ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 ); if( status != PSA_SUCCESS ) From 8096cafa9454ba2f8e06e581e5bf4d1d75cb4685 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 11 Feb 2019 14:03:03 +0000 Subject: [PATCH 2/2] Only zeroize buffer if the buffer length is non-zero --- library/psa_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 086403109..5bf4f9924 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1235,7 +1235,8 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, status = psa_import_key( target, source->type, buffer, length ); exit: - mbedtls_platform_zeroize( buffer, buffer_size ); + if( buffer_size != 0 ) + mbedtls_platform_zeroize( buffer, buffer_size ); mbedtls_free( buffer ); return( status ); }