mbedtls_psa_pake_setup: move driver password and alg init to the common part
Also in the core part change stage to computation after return from psa_driver_wrapper_pake_setup() regardless of the result. At this point driver context is active even if init has failed.
Additionally handle deallocation of password on failure in mbedtls_psa_pake_setup(). The plan was to handle deallocation on core level by calling abort on failure.
Unfortunately in this case when mbedtls_psa_pake_setup() fails with an unsupported result the built-in implementation is executed (if available) and it will reallocate the password leading to the memory leak.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1c066ce..e2cb06f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7494,12 +7494,13 @@
status = psa_driver_wrapper_pake_setup(operation, &inputs);
+ operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
+
/* Driver is responsible for creating its own copy of the password. */
mbedtls_platform_zeroize(inputs.password, inputs.password_len);
mbedtls_free(inputs.password);
if (status == PSA_SUCCESS) {
- operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
if (operation->alg == PSA_ALG_JPAKE) {
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;