Attestation: Add close key after open key

2019-02-19 15:45:53 +02:00 · 2019-02-19 15:45:53 +02:00 · bd7061eaba
parent 715305accf
commit bd7061eaba
2 changed files with 12 additions and 0 deletions
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c
@ -111,10 +111,12 @@ tfm_plat_get_initial_attest_key(uint8_t          *key_buf,
    crypto_ret = psa_get_key_information(handle, &type, &bits);
    if (crypto_ret != PSA_SUCCESS)
    {
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }
    if (!PSA_KEY_TYPE_IS_ECC(type))
    {
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }
    public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type);
@ -122,6 +124,7 @@ tfm_plat_get_initial_attest_key(uint8_t          *key_buf,
    public_key = (uint8_t *) malloc(public_key_size);
    if (public_key == NULL)
    {
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }

@ -131,6 +134,7 @@ tfm_plat_get_initial_attest_key(uint8_t          *key_buf,
    if (crypto_ret != PSA_SUCCESS)
    {
        free(public_key);
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }

@ -139,6 +143,7 @@ tfm_plat_get_initial_attest_key(uint8_t          *key_buf,
    if (crypto_ret != PSA_SUCCESS)
    {
        free(public_key);
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }

@ -185,5 +190,6 @@ tfm_plat_get_initial_attest_key(uint8_t          *key_buf,
    }

    free(public_key);
+    psa_close_key(handle);
    return TFM_PLAT_ERR_SUCCESS;
 }
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
@ -83,9 +83,11 @@ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf

    crypto_ret = psa_get_key_information(handle, &type, &bits);
    if (crypto_ret != PSA_SUCCESS) {
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }
    if (!PSA_KEY_TYPE_IS_ECC(type)) {
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }
    public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type);
@ -100,12 +102,14 @@ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf
                                       &public_key_length);
    if (crypto_ret != PSA_SUCCESS) {
        free(public_key);
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }

    crypto_ret = psa_hash_setup(&hash_handle, PSA_ALG_SHA_256);
    if (crypto_ret != PSA_SUCCESS) {
        free(public_key);
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }

@ -117,10 +121,12 @@ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf
                                 (size_t *) size);
    if (crypto_ret != PSA_SUCCESS) {
        free(public_key);
+        psa_close_key(handle);
        return TFM_PLAT_ERR_SYSTEM_ERR;
    }

    free(public_key);
+    psa_close_key(handle);
    return TFM_PLAT_ERR_SUCCESS;
 }