Fix secure element key error handling

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2025-09-07 14:15:58 -04:00 · 2023-11-16 16:44:13 +00:00 · 2023-11-16 16:44:13 +00:00 · 68a85e24fc
commit 68a85e24fc
parent e44be6a7d3
2 changed files with 8 additions and 0 deletions
--- a/ChangeLog.d/fix-secure-element-key-creation.txt
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@ -0,0 +1,5 @@
+Bugfix
+   * Fix error handling when creating a key in a dynamic secure element
+     (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+     the creation could return PSA_SUCCESS but using or destroying the key
+     would not work. Fixes #8537.
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -1710,6 +1710,9 @@ static psa_status_t psa_start_key_creation(

        status = psa_copy_key_material_into_slot(
            slot, (uint8_t *) (&slot_number), sizeof(slot_number));
+        if (status != PSA_SUCCESS) {
+                return status;
+        }
    }

    if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {