[Silabs]Fix a memory leak in Efr32PsaOperationalKeystore (project-chip#30292)

jmartinez-silabs · web-flow · commit 9d0a7e378434 · 2023-11-08T16:24:53.000Z
* Free mPendingKeypair before setting it to null

* add clarifications. rename function
diff --git a/src/platform/silabs/efr32/Efr32OpaqueKeypair.h b/src/platform/silabs/efr32/Efr32OpaqueKeypair.h
@@ -132,7 +132,7 @@ class EFR32OpaqueKeypair
      *
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR Delete();
+    CHIP_ERROR DestroyKey();
 
 protected:
     void * mContext      = nullptr;
diff --git a/src/platform/silabs/efr32/Efr32PsaOpaqueKeypair.cpp b/src/platform/silabs/efr32/Efr32PsaOpaqueKeypair.cpp
@@ -124,7 +124,7 @@ EFR32OpaqueKeypair::~EFR32OpaqueKeypair()
         // Delete volatile keys, since nobody else can after we drop the key ID.
         if (!mIsPersistent)
         {
-            Delete();
+            DestroyKey();
         }
 
         MemoryFree(mContext);
@@ -145,7 +145,7 @@ CHIP_ERROR EFR32OpaqueKeypair::Load(EFR32OpaqueKeyId opaque_id)
     // If the object contains a volatile key, clean it up before reusing the object storage
     if (mHasKey && !mIsPersistent)
     {
-        Delete();
+        DestroyKey();
     }
 
     key_id = psa_key_id_from_opaque(opaque_id);
@@ -342,7 +342,7 @@ CHIP_ERROR EFR32OpaqueKeypair::Derive(const uint8_t * their_key, size_t their_ke
     return error;
 }
 
-CHIP_ERROR EFR32OpaqueKeypair::Delete()
+CHIP_ERROR EFR32OpaqueKeypair::DestroyKey()
 {
     CHIP_ERROR error    = CHIP_NO_ERROR;
     psa_status_t status = PSA_ERROR_BAD_STATE;
diff --git a/src/platform/silabs/efr32/Efr32PsaOperationalKeystore.cpp b/src/platform/silabs/efr32/Efr32PsaOperationalKeystore.cpp
@@ -209,7 +209,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::NewOpKeypairForFabric(FabricIndex fabric
         }
         else
         {
-            mPendingKeypair->Delete();
+            mPendingKeypair->DestroyKey();
             if (id == kEFR32OpaqueKeyIdVolatile)
             {
                 id = kEFR32OpaqueKeyIdUnknown;
@@ -313,9 +313,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::CommitOpKeypairForFabric(FabricIndex fab
     // There's a good chance we'll need the key again soon
     mCachedKey->Load(id);
 
-    mPendingKeypair         = nullptr;
-    mIsPendingKeypairActive = false;
-    mPendingFabricIndex     = kUndefinedFabricIndex;
+    ResetPendingKey(true /* keepKeyPairInStorage */);
 
     return CHIP_NO_ERROR;
 }
@@ -361,7 +359,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::RemoveOpKeypairForFabric(FabricIndex fab
     if (id == cachedId)
     {
         // Delete from persistent storage and unload
-        mCachedKey->Delete();
+        mCachedKey->DestroyKey();
         return CHIP_NO_ERROR;
     }
 
@@ -372,7 +370,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::RemoveOpKeypairForFabric(FabricIndex fab
         return CHIP_ERROR_INTERNAL;
     }
 
-    mCachedKey->Delete();
+    mCachedKey->DestroyKey();
 
     return CHIP_NO_ERROR;
 }
diff --git a/src/platform/silabs/efr32/Efr32PsaOperationalKeystore.h b/src/platform/silabs/efr32/Efr32PsaOperationalKeystore.h
@@ -94,13 +94,17 @@ class Efr32PsaOperationalKeystore : public chip::Crypto::OperationalKeystore
     bool mIsInitialized                      = false;
 
 private:
-    void ResetPendingKey()
+    void ResetPendingKey(bool keepKeyPairInStorage = false)
     {
-        if (mPendingKeypair != nullptr)
+        if (mPendingKeypair != nullptr && !keepKeyPairInStorage)
         {
-            mPendingKeypair->Delete();
-            Platform::Delete(mPendingKeypair);
+            // This removes the PSA Keypair from storage and unloads it
+            // using the EFR32OpaqueKeypair context.
+            // We destroy it when the OperationKeyStore process failed.
+            mPendingKeypair->DestroyKey();
         }
+
+        Platform::Delete(mPendingKeypair);
         mPendingKeypair         = nullptr;
         mIsPendingKeypairActive = false;
         mPendingFabricIndex     = kUndefinedFabricIndex;

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ class EFR32OpaqueKeypair`
`132`	`132`	`*`
`133`	`133`	`* @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise`
`134`	`134`	`**/`
`135`		`- CHIP_ERROR Delete();`
	`135`	`+ CHIP_ERROR DestroyKey();`
`136`	`136`
`137`	`137`	`protected:`
`138`	`138`	`void * mContext = nullptr;`
Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ EFR32OpaqueKeypair::~EFR32OpaqueKeypair()`
`124`	`124`	`// Delete volatile keys, since nobody else can after we drop the key ID.`
`125`	`125`	`if (!mIsPersistent)`
`126`	`126`	`{`
`127`		`- Delete();`
	`127`	`+ DestroyKey();`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`MemoryFree(mContext);`
`@@ -145,7 +145,7 @@ CHIP_ERROR EFR32OpaqueKeypair::Load(EFR32OpaqueKeyId opaque_id)`
`145`	`145`	`// If the object contains a volatile key, clean it up before reusing the object storage`
`146`	`146`	`if (mHasKey && !mIsPersistent)`
`147`	`147`	`{`
`148`		`- Delete();`
	`148`	`+ DestroyKey();`
`149`	`149`	`}`
`150`	`150`
`151`	`151`	`key_id = psa_key_id_from_opaque(opaque_id);`
`@@ -342,7 +342,7 @@ CHIP_ERROR EFR32OpaqueKeypair::Derive(const uint8_t * their_key, size_t their_ke`
`342`	`342`	`return error;`
`343`	`343`	`}`
`344`	`344`
`345`		`-CHIP_ERROR EFR32OpaqueKeypair::Delete()`
	`345`	`+CHIP_ERROR EFR32OpaqueKeypair::DestroyKey()`
`346`	`346`	`{`
`347`	`347`	`CHIP_ERROR error = CHIP_NO_ERROR;`
`348`	`348`	`psa_status_t status = PSA_ERROR_BAD_STATE;`
Original file line number	Diff line number	Diff line change
`@@ -209,7 +209,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::NewOpKeypairForFabric(FabricIndex fabric`
`209`	`209`	`}`
`210`	`210`	`else`
`211`	`211`	`{`
`212`		`- mPendingKeypair->Delete();`
	`212`	`+ mPendingKeypair->DestroyKey();`
`213`	`213`	`if (id == kEFR32OpaqueKeyIdVolatile)`
`214`	`214`	`{`
`215`	`215`	`id = kEFR32OpaqueKeyIdUnknown;`
`@@ -313,9 +313,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::CommitOpKeypairForFabric(FabricIndex fab`
`313`	`313`	`// There's a good chance we'll need the key again soon`
`314`	`314`	`mCachedKey->Load(id);`
`315`	`315`
`316`		`- mPendingKeypair = nullptr;`
`317`		`- mIsPendingKeypairActive = false;`
`318`		`- mPendingFabricIndex = kUndefinedFabricIndex;`
	`316`	`+ ResetPendingKey(true /* keepKeyPairInStorage */);`
`319`	`317`
`320`	`318`	`return CHIP_NO_ERROR;`
`321`	`319`	`}`
`@@ -361,7 +359,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::RemoveOpKeypairForFabric(FabricIndex fab`
`361`	`359`	`if (id == cachedId)`
`362`	`360`	`{`
`363`	`361`	`// Delete from persistent storage and unload`
`364`		`- mCachedKey->Delete();`
	`362`	`+ mCachedKey->DestroyKey();`
`365`	`363`	`return CHIP_NO_ERROR;`
`366`	`364`	`}`
`367`	`365`
`@@ -372,7 +370,7 @@ CHIP_ERROR Efr32PsaOperationalKeystore::RemoveOpKeypairForFabric(FabricIndex fab`
`372`	`370`	`return CHIP_ERROR_INTERNAL;`
`373`	`371`	`}`
`374`	`372`
`375`		`- mCachedKey->Delete();`
	`373`	`+ mCachedKey->DestroyKey();`
`376`	`374`
`377`	`375`	`return CHIP_NO_ERROR;`
`378`	`376`	`}`