Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch')
-rw-r--r--meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch241
1 files changed, 241 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch
new file mode 100644
index 0000000000..bdafcead08
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch
@@ -0,0 +1,241 @@
+From 07277e2ab4b54e5844c28f0cb33e64a91aa5f492 Mon Sep 17 00:00:00 2001
+From: Julian Hall <julian.hall@arm.com>
+Date: Wed, 16 Feb 2022 10:37:04 +0000
+Subject: [PATCH] Fix multi-part termination on error
+
+For multi-part operations, the PSA Crypto API specifies that if
+the final operation does not return PSA_SUCCESS, the abort
+operaion must be called by a client to clean-up the operation.
+This change modifies behaviour in-line with the API definition.
+
+Signed-off-by: Julian Hall <julian.hall@arm.com>
+Change-Id: Ia3d3ec004164647a7ab5988cac45c39c22e76e9a
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
+
+---
+ components/service/crypto/client/psa/psa_aead.c | 8 ++++++++
+ components/service/crypto/client/psa/psa_cipher.c | 4 ++++
+ components/service/crypto/client/psa/psa_hash.c | 10 ++++++++++
+ components/service/crypto/client/psa/psa_mac.c | 10 ++++++++++
+ .../crypto/provider/extension/aead/aead_provider.c | 10 +++++-----
+ .../provider/extension/cipher/cipher_provider.c | 6 +++---
+ .../crypto/provider/extension/hash/hash_provider.c | 6 +++---
+ .../crypto/provider/extension/mac/mac_provider.c | 11 +++++++----
+ 8 files changed, 50 insertions(+), 15 deletions(-)
+
+diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c
+index e4579e63..559eb6a3 100644
+--- a/components/service/crypto/client/psa/psa_aead.c
++++ b/components/service/crypto/client/psa/psa_aead.c
+@@ -241,6 +241,10 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key,
+
+ *aeadtext_length = bytes_output + remaining_aead_len + tag_len;
+ }
++ else {
++
++ psa_aead_abort(&operation);
++ }
+ }
+ else {
+
+@@ -292,6 +296,10 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key,
+
+ *plaintext_length = bytes_output + remaining_plaintext_len;
+ }
++ else {
++
++ psa_aead_abort(&operation);
++ }
+ }
+ else {
+
+diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c
+index 111af829..4e4264b6 100644
+--- a/components/service/crypto/client/psa/psa_cipher.c
++++ b/components/service/crypto/client/psa/psa_cipher.c
+@@ -146,6 +146,10 @@ static psa_status_t multi_cipher_update(psa_cipher_operation_t *operation,
+
+ *output_length = bytes_output + finish_output_len;
+ }
++ else {
++
++ psa_cipher_abort(operation);
++ }
+ }
+ else {
+
+diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c
+index 83278de6..e5dd0030 100644
+--- a/components/service/crypto/client/psa/psa_hash.c
++++ b/components/service/crypto/client/psa/psa_hash.c
+@@ -137,6 +137,11 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ if (psa_status == PSA_SUCCESS) {
+
+ psa_status = psa_hash_verify(&operation, hash, hash_length);
++
++ if (psa_status != PSA_SUCCESS) {
++
++ psa_hash_abort(&operation);
++ }
+ }
+
+ return psa_status;
+@@ -155,6 +160,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ if (psa_status == PSA_SUCCESS) {
+
+ psa_status = psa_hash_finish(&operation, hash, hash_size, hash_length);
++
++ if (psa_status != PSA_SUCCESS) {
++
++ psa_hash_abort(&operation);
++ }
+ }
+
+ return psa_status;
+diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c
+index 5c5eb32a..a3db8644 100644
+--- a/components/service/crypto/client/psa/psa_mac.c
++++ b/components/service/crypto/client/psa/psa_mac.c
+@@ -129,6 +129,11 @@ psa_status_t psa_mac_verify(psa_key_id_t key,
+ if (psa_status == PSA_SUCCESS) {
+
+ psa_status = psa_mac_verify_finish(&operation, mac, mac_length);
++
++ if (psa_status != PSA_SUCCESS) {
++
++ psa_mac_abort(&operation);
++ }
+ }
+
+ return psa_status;
+@@ -153,6 +158,11 @@ psa_status_t psa_mac_compute(psa_key_id_t key,
+ if (psa_status == PSA_SUCCESS) {
+
+ psa_status = psa_mac_sign_finish(&operation, mac, mac_size, mac_length);
++
++ if (psa_status != PSA_SUCCESS) {
++
++ psa_mac_abort(&operation);
++ }
+ }
+
+ return psa_status;
+diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
+index f4e81a03..14a25436 100644
+--- a/components/service/crypto/provider/extension/aead/aead_provider.c
++++ b/components/service/crypto/provider/extension/aead/aead_provider.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -369,9 +369,9 @@ static rpc_status_t aead_finish_handler(void *context, struct call_req *req)
+ rpc_status = serializer->serialize_aead_finish_resp(resp_buf,
+ ciphertext, ciphertext_len,
+ tag, tag_len);
+- }
+
+- crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ }
+ }
+
+ call_req_set_opstatus(req, psa_status);
+@@ -418,9 +418,9 @@ static rpc_status_t aead_verify_handler(void *context, struct call_req *req)
+ struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
+ rpc_status = serializer->serialize_aead_verify_resp(resp_buf,
+ plaintext, plaintext_len);
+- }
+
+- crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ }
+ }
+
+ call_req_set_opstatus(req, psa_status);
+diff --git a/components/service/crypto/provider/extension/cipher/cipher_provider.c b/components/service/crypto/provider/extension/cipher/cipher_provider.c
+index 8e7a86de..a5dd0371 100644
+--- a/components/service/crypto/provider/extension/cipher/cipher_provider.c
++++ b/components/service/crypto/provider/extension/cipher/cipher_provider.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -283,9 +283,9 @@ static rpc_status_t cipher_finish_handler(void *context, struct call_req* req)
+
+ struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
+ rpc_status = serializer->serialize_cipher_finish_resp(resp_buf, output, output_len);
+- }
+
+- crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ }
+ }
+
+ call_req_set_opstatus(req, psa_status);
+diff --git a/components/service/crypto/provider/extension/hash/hash_provider.c b/components/service/crypto/provider/extension/hash/hash_provider.c
+index 2c560513..fd39d440 100644
+--- a/components/service/crypto/provider/extension/hash/hash_provider.c
++++ b/components/service/crypto/provider/extension/hash/hash_provider.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -179,9 +179,9 @@ static rpc_status_t hash_finish_handler(void *context, struct call_req* req)
+
+ struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
+ rpc_status = serializer->serialize_hash_finish_resp(resp_buf, hash, hash_len);
+- }
+
+- crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ }
+ }
+
+ call_req_set_opstatus(req, psa_status);
+diff --git a/components/service/crypto/provider/extension/mac/mac_provider.c b/components/service/crypto/provider/extension/mac/mac_provider.c
+index 96fe4cf3..eef55586 100644
+--- a/components/service/crypto/provider/extension/mac/mac_provider.c
++++ b/components/service/crypto/provider/extension/mac/mac_provider.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -181,9 +181,9 @@ static rpc_status_t mac_sign_finish_handler(void *context, struct call_req* req)
+
+ struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
+ rpc_status = serializer->serialize_mac_sign_finish_resp(resp_buf, mac, mac_len);
+- }
+
+- crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ }
+ }
+
+ call_req_set_opstatus(req, psa_status);
+@@ -220,7 +220,10 @@ static rpc_status_t mac_verify_finish_handler(void *context, struct call_req* re
+
+ psa_status = psa_mac_verify_finish(&crypto_context->op.mac, mac, mac_len);
+
+- crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ if (psa_status == PSA_SUCCESS) {
++
++ crypto_context_pool_free(&this_instance->context_pool, crypto_context);
++ }
+ }
+
+ call_req_set_opstatus(req, psa_status);
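Review bot: In the provider-side finish and verify handlers (aead_finish, aead_verify, cipher_finish, hash_finish, mac_sign_finish, mac_verify_finish), `crypto_context_pool_free()` now runs only when `psa_status == PSA_SUCCESS`, so after a failed final step the pool entry is released only if the caller later sends an abort. The bundled psa_* client wrappers do send it, but the provider cannot assume every client will. For `mac_verify_finish_handler` and `aead_verify_handler` the failure case is a tag mismatch, which depends on caller-supplied data, so a client that never aborts could keep contexts allocated and starve other users of the pool. The pool's capacity and any per-client reclamation are not visible here, so please confirm that entries are bounded per client or reclaimed when a session ends. It would also help to record the intent at each site, for example `/* Keep the context on failure: the client must call abort to release it */`. The handler bodies are only partly visible in these excerpts.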