lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

tls: pake: do not destroy key on errors while setting opaque password

Browse Source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti
2022-12-02 11:07:11 +01:00
parent e98db0b866
commit 757f359474
1 changed files with 7 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
library/ssl_tls.c
View File

@@ -1950,31 +1950,24 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
status = psa_pake_setup( &ssl->handshake->psa_pake_ctx, &cipher_suite ); status = psa_pake_setup( &ssl->handshake->psa_pake_ctx, &cipher_suite );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ goto error;
psa_destroy_key( ssl->handshake->psa_pake_password );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role ); status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ goto error;
psa_destroy_key( ssl->handshake->psa_pake_password );
psa_pake_abort( &ssl->handshake->psa_pake_ctx );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx,
ssl->handshake->psa_pake_password ); ssl->handshake->psa_pake_password );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ goto error;
psa_destroy_key( ssl->handshake->psa_pake_password );
psa_pake_abort( &ssl->handshake->psa_pake_ctx );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
ssl->handshake->psa_pake_ctx_is_ok = 1; ssl->handshake->psa_pake_ctx_is_ok = 1;
return( 0 ); return( 0 );
error:
psa_pake_abort( &ssl->handshake->psa_pake_ctx );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
} }
#else /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_USE_PSA_CRYPTO */
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,