Store the hash, rather than the pointer
For sign and verify, the hash pointer passed in is not guaranteed to
remain valid in between calls, so we need to store the hash in the
operation. Added a test to ensure this is the case.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 93b4045..a3bc806 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3516,7 +3516,13 @@
operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
operation->alg = alg;
- operation->hash = hash;
+ operation->hash = mbedtls_calloc(1, hash_length);
+
+ if (operation->hash == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ memcpy(operation->hash, hash, hash_length);
operation->hash_length = hash_length;
return PSA_SUCCESS;
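Review bot: The buffer assigned to `operation->hash` here is later passed to `mbedtls_free()` in the abort hunk, which only type-checks cleanly if the operation struct's `hash` field is a non-const `uint8_t *`; since that field previously aliased the caller's `const uint8_t *hash` argument, its declaration (not shown on this page) presumably needs the `const` dropped in the same change, otherwise the qualifier is silently discarded. The allocate-check-copy also relies on `hash_length` having been validated before this point, which is outside the hunk — `mbedtls_calloc(1, 0)` may return NULL on some allocators, so a zero-length input would surface as `PSA_ERROR_INSUFFICIENT_MEMORY` rather than an invalid-argument error. The same six lines appear verbatim in the verify setup hunk at `@@ -3743`; a small static helper that allocates and copies the hash would keep the two paths in step. The enclosing function starts before the hunk.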
@@ -3643,8 +3649,12 @@
if (operation->ctx) {
mbedtls_ecdsa_free(operation->ctx);
mbedtls_free(operation->ctx);
+ operation->ctx = NULL;
}
+ mbedtls_free(operation->hash);
+ operation->hash = NULL;
+
mbedtls_ecdsa_restart_free(&operation->restart_ctx);
return PSA_SUCCESS;
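Review bot: `operation->hash_length` is left holding the old length after `operation->hash` is freed and nulled, so an aborted operation carries a stale non-zero length next to a NULL buffer unless the struct is zeroed elsewhere later in the function; add `operation->hash_length = 0;` directly after `operation->hash = NULL;`. The same applies to the verify abort hunk at `@@ -3802`. The enclosing function starts before the hunk.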
@@ -3743,7 +3753,13 @@
mbedtls_ecdsa_restart_init(&operation->restart_ctx);
- operation->hash = hash;
+ operation->hash = mbedtls_calloc(1, hash_length);
+
+ if (operation->hash == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ memcpy(operation->hash, hash, hash_length);
operation->hash_length = hash_length;
return PSA_SUCCESS;
@@ -3802,8 +3818,12 @@
if (operation->ctx) {
mbedtls_ecdsa_free(operation->ctx);
mbedtls_free(operation->ctx);
+ operation->ctx = NULL;
}
+ mbedtls_free(operation->hash);
+ operation->hash = NULL;
+
mbedtls_ecdsa_restart_free(&operation->restart_ctx);
mbedtls_mpi_free(&operation->r);