From 593773d9f23f2a494c462f6e02d9fba47b1afd88 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 23 Sep 2019 18:17:40 +0200 Subject: [PATCH] Consistently abort key derivation operations on input error --- library/psa_crypto.c | 3 +++ tests/suites/test_suite_psa_crypto.data | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 149459366..07c6261d6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5163,7 +5163,10 @@ psa_status_t psa_key_derivation_input_key( PSA_KEY_USAGE_DERIVE, operation->alg ); if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( operation ); return( status ); + } return( psa_key_derivation_input_internal( operation, step, slot->attr.type, slot->data.raw.data, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index bfa3c1df8..bf5b4cdff 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1898,7 +1898,7 @@ derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_512):PSA_KEY_DERIVATION_INPUT_SALT:0:"":PS PSA key derivation: HKDF-SHA-256, bad key type depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:0:"":PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:0:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_SUCCESS +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:0:"":PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:0:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE PSA key derivation: HKDF-SHA-256, direct secret depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C