1From 800627f054959aac0dd3527495ee3fad0137600a Mon Sep 17 00:00:00 2001
2From: Jihwan Park <jihwp@amazon.com>
3Date: Mon, 3 Jul 2023 08:51:47 +0200
4Subject: [PATCH] core: crypto_bignum_free(): add indirection and set pointer
5 to NULL
6
7To prevent human mistake, crypto_bignum_free() sets the location of the
8bignum pointer to NULL after freeing it.
9
10Signed-off-by: Jihwan Park <jihwp@amazon.com>
11Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
12Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
13Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
14Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
15
16CVE: CVE-2023-41325
17Upstream-Status: Backport
18Signed-off-by: Ross Burton <ross.burton@arm.com>
19---
20 core/crypto/crypto.c | 4 +--
21 core/drivers/crypto/caam/acipher/caam_dh.c | 8 ++---
22 core/drivers/crypto/caam/acipher/caam_dsa.c | 14 ++++----
23 core/drivers/crypto/caam/acipher/caam_ecc.c | 10 +++---
24 core/drivers/crypto/caam/acipher/caam_rsa.c | 24 ++++++-------
25 core/drivers/crypto/se050/core/ecc.c | 14 ++++----
26 core/drivers/crypto/se050/core/rsa.c | 38 ++++++++++-----------
27 core/drivers/crypto/versal/ecc.c | 6 ++--
28 core/include/crypto/crypto.h | 2 +-
29 core/lib/libtomcrypt/dh.c | 8 ++---
30 core/lib/libtomcrypt/dsa.c | 14 ++++----
31 core/lib/libtomcrypt/ecc.c | 10 +++---
32 core/lib/libtomcrypt/mpi_desc.c | 9 +++--
33 core/lib/libtomcrypt/rsa.c | 22 ++++++------
34 core/tee/tee_svc_cryp.c | 7 ++--
35 lib/libmbedtls/core/bignum.c | 9 +++--
36 lib/libmbedtls/core/dh.c | 8 ++---
37 lib/libmbedtls/core/ecc.c | 10 +++---
38 lib/libmbedtls/core/rsa.c | 22 ++++++------
39 19 files changed, 122 insertions(+), 117 deletions(-)
40
41diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c
42index 9f7d35097..60cb89a31 100644
43--- a/core/crypto/crypto.c
44+++ b/core/crypto/crypto.c
45@@ -498,9 +498,9 @@ void crypto_bignum_copy(struct bignum *to __unused,
46 bignum_cant_happen();
47 }
48
49-void crypto_bignum_free(struct bignum *a)
50+void crypto_bignum_free(struct bignum **a)
51 {
52- if (a)
53+ if (a && *a)
54 panic();
55 }
56
57diff --git a/core/drivers/crypto/caam/acipher/caam_dh.c b/core/drivers/crypto/caam/acipher/caam_dh.c
58index 6131ff0ef..35fc44541 100644
59--- a/core/drivers/crypto/caam/acipher/caam_dh.c
60+++ b/core/drivers/crypto/caam/acipher/caam_dh.c
61@@ -195,10 +195,10 @@ static TEE_Result do_allocate_keypair(struct dh_keypair *key, size_t size_bits)
62 err:
63 DH_TRACE("Allocation error");
64
65- crypto_bignum_free(key->g);
66- crypto_bignum_free(key->p);
67- crypto_bignum_free(key->x);
68- crypto_bignum_free(key->y);
69+ crypto_bignum_free(&key->g);
70+ crypto_bignum_free(&key->p);
71+ crypto_bignum_free(&key->x);
72+ crypto_bignum_free(&key->y);
73
74 return TEE_ERROR_OUT_OF_MEMORY;
75 }
76diff --git a/core/drivers/crypto/caam/acipher/caam_dsa.c b/core/drivers/crypto/caam/acipher/caam_dsa.c
77index 2696f0b3c..d60bb8e89 100644
78--- a/core/drivers/crypto/caam/acipher/caam_dsa.c
79+++ b/core/drivers/crypto/caam/acipher/caam_dsa.c
80@@ -309,10 +309,10 @@ static TEE_Result do_allocate_keypair(struct dsa_keypair *key, size_t l_bits,
81 err:
82 DSA_TRACE("Allocation error");
83
84- crypto_bignum_free(key->g);
85- crypto_bignum_free(key->p);
86- crypto_bignum_free(key->q);
87- crypto_bignum_free(key->x);
88+ crypto_bignum_free(&key->g);
89+ crypto_bignum_free(&key->p);
90+ crypto_bignum_free(&key->q);
91+ crypto_bignum_free(&key->x);
92
93 return TEE_ERROR_OUT_OF_MEMORY;
94 }
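Review bot: The `err:` path of do_allocate_keypair() releases `g`, `p`, `q` and `x` but never touches `key->y`, so leaving the structure free of stale pointers depends on `y` being the last allocation, which happens outside this hunk. The new crypto_bignum_free() resets the caller's pointer and, from the implementations later in this patch, appears to tolerate a NULL target. Adding `crypto_bignum_free(&key->y);` would therefore make the cleanup independent of allocation order. The same selective cleanup is visible in the `err:` paths of caam_ecc.c, libtomcrypt/dsa.c, libtomcrypt/ecc.c and lib/libmbedtls/core/ecc.c.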
95@@ -358,9 +358,9 @@ static TEE_Result do_allocate_publickey(struct dsa_public_key *key,
96 err:
97 DSA_TRACE("Allocation error");
98
99- crypto_bignum_free(key->g);
100- crypto_bignum_free(key->p);
101- crypto_bignum_free(key->q);
102+ crypto_bignum_free(&key->g);
103+ crypto_bignum_free(&key->p);
104+ crypto_bignum_free(&key->q);
105
106 return TEE_ERROR_OUT_OF_MEMORY;
107 }
108diff --git a/core/drivers/crypto/caam/acipher/caam_ecc.c b/core/drivers/crypto/caam/acipher/caam_ecc.c
109index 90e87c20a..6b12b6cbe 100644
110--- a/core/drivers/crypto/caam/acipher/caam_ecc.c
111+++ b/core/drivers/crypto/caam/acipher/caam_ecc.c
112@@ -169,8 +169,8 @@ static TEE_Result do_allocate_keypair(struct ecc_keypair *key, size_t size_bits)
113 err:
114 ECC_TRACE("Allocation error");
115
116- crypto_bignum_free(key->d);
117- crypto_bignum_free(key->x);
118+ crypto_bignum_free(&key->d);
119+ crypto_bignum_free(&key->x);
120
121 return TEE_ERROR_OUT_OF_MEMORY;
122 }
123@@ -204,7 +204,7 @@ static TEE_Result do_allocate_publickey(struct ecc_public_key *key,
124 err:
125 ECC_TRACE("Allocation error");
126
127- crypto_bignum_free(key->x);
128+ crypto_bignum_free(&key->x);
129
130 return TEE_ERROR_OUT_OF_MEMORY;
131 }
132@@ -216,8 +216,8 @@ err:
133 */
134 static void do_free_publickey(struct ecc_public_key *key)
135 {
136- crypto_bignum_free(key->x);
137- crypto_bignum_free(key->y);
138+ crypto_bignum_free(&key->x);
139+ crypto_bignum_free(&key->y);
140 }
141
142 /*
143diff --git a/core/drivers/crypto/caam/acipher/caam_rsa.c b/core/drivers/crypto/caam/acipher/caam_rsa.c
144index e860c641c..b59ab0b6e 100644
145--- a/core/drivers/crypto/caam/acipher/caam_rsa.c
146+++ b/core/drivers/crypto/caam/acipher/caam_rsa.c
147@@ -86,14 +86,14 @@ static uint8_t caam_era;
148 */
149 static void do_free_keypair(struct rsa_keypair *key)
150 {
151- crypto_bignum_free(key->e);
152- crypto_bignum_free(key->d);
153- crypto_bignum_free(key->n);
154- crypto_bignum_free(key->p);
155- crypto_bignum_free(key->q);
156- crypto_bignum_free(key->qp);
157- crypto_bignum_free(key->dp);
158- crypto_bignum_free(key->dq);
159+ crypto_bignum_free(&key->e);
160+ crypto_bignum_free(&key->d);
161+ crypto_bignum_free(&key->n);
162+ crypto_bignum_free(&key->p);
163+ crypto_bignum_free(&key->q);
164+ crypto_bignum_free(&key->qp);
165+ crypto_bignum_free(&key->dp);
166+ crypto_bignum_free(&key->dq);
167 }
168
169 /*
170@@ -435,8 +435,8 @@ static TEE_Result do_allocate_publickey(struct rsa_public_key *key,
171 err_alloc_publickey:
172 RSA_TRACE("Allocation error");
173
174- crypto_bignum_free(key->e);
175- crypto_bignum_free(key->n);
176+ crypto_bignum_free(&key->e);
177+ crypto_bignum_free(&key->n);
178
179 return TEE_ERROR_OUT_OF_MEMORY;
180 }
181@@ -448,8 +448,8 @@ err_alloc_publickey:
182 */
183 static void do_free_publickey(struct rsa_public_key *key)
184 {
185- crypto_bignum_free(key->e);
186- crypto_bignum_free(key->n);
187+ crypto_bignum_free(&key->e);
188+ crypto_bignum_free(&key->n);
189 }
190
191 /*
192diff --git a/core/drivers/crypto/se050/core/ecc.c b/core/drivers/crypto/se050/core/ecc.c
193index d74334760..52f82c69d 100644
194--- a/core/drivers/crypto/se050/core/ecc.c
195+++ b/core/drivers/crypto/se050/core/ecc.c
196@@ -752,9 +752,9 @@ static TEE_Result do_alloc_keypair(struct ecc_keypair *s,
197 goto err;
198 return TEE_SUCCESS;
199 err:
200- crypto_bignum_free(s->d);
201- crypto_bignum_free(s->x);
202- crypto_bignum_free(s->y);
203+ crypto_bignum_free(&s->d);
204+ crypto_bignum_free(&s->x);
205+ crypto_bignum_free(&s->y);
206 return TEE_ERROR_OUT_OF_MEMORY;
207 }
208
209@@ -768,8 +768,8 @@ static TEE_Result do_alloc_publickey(struct ecc_public_key *s,
210 goto err;
211 return TEE_SUCCESS;
212 err:
213- crypto_bignum_free(s->x);
214- crypto_bignum_free(s->y);
215+ crypto_bignum_free(&s->x);
216+ crypto_bignum_free(&s->y);
217 return TEE_ERROR_OUT_OF_MEMORY;
218 }
219
220@@ -778,8 +778,8 @@ static void do_free_publickey(struct ecc_public_key *s)
221 if (!s)
222 return;
223
224- crypto_bignum_free(s->x);
225- crypto_bignum_free(s->y);
226+ crypto_bignum_free(&s->x);
227+ crypto_bignum_free(&s->y);
228 }
229
230 static struct drvcrypt_ecc driver_ecc = {
231diff --git a/core/drivers/crypto/se050/core/rsa.c b/core/drivers/crypto/se050/core/rsa.c
232index 815abb3cd..475d2b99a 100644
233--- a/core/drivers/crypto/se050/core/rsa.c
234+++ b/core/drivers/crypto/se050/core/rsa.c
235@@ -537,14 +537,14 @@ static TEE_Result do_alloc_keypair(struct rsa_keypair *s,
236
237 return TEE_SUCCESS;
238 err:
239- crypto_bignum_free(s->e);
240- crypto_bignum_free(s->d);
241- crypto_bignum_free(s->n);
242- crypto_bignum_free(s->p);
243- crypto_bignum_free(s->q);
244- crypto_bignum_free(s->qp);
245- crypto_bignum_free(s->dp);
246- crypto_bignum_free(s->dq);
247+ crypto_bignum_free(&s->e);
248+ crypto_bignum_free(&s->d);
249+ crypto_bignum_free(&s->n);
250+ crypto_bignum_free(&s->p);
251+ crypto_bignum_free(&s->q);
252+ crypto_bignum_free(&s->qp);
253+ crypto_bignum_free(&s->dp);
254+ crypto_bignum_free(&s->dq);
255
256 return TEE_ERROR_OUT_OF_MEMORY;
257 }
258@@ -556,7 +556,7 @@ static TEE_Result do_alloc_publickey(struct rsa_public_key *s,
259 if (!bn_alloc_max(&s->e))
260 return TEE_ERROR_OUT_OF_MEMORY;
261 if (!bn_alloc_max(&s->n)) {
262- crypto_bignum_free(s->e);
263+ crypto_bignum_free(&s->e);
264 return TEE_ERROR_OUT_OF_MEMORY;
265 }
266
267@@ -566,8 +566,8 @@ static TEE_Result do_alloc_publickey(struct rsa_public_key *s,
268 static void do_free_publickey(struct rsa_public_key *s)
269 {
270 if (s) {
271- crypto_bignum_free(s->n);
272- crypto_bignum_free(s->e);
273+ crypto_bignum_free(&s->n);
274+ crypto_bignum_free(&s->e);
275 }
276 }
277
278@@ -587,14 +587,14 @@ static void do_free_keypair(struct rsa_keypair *s)
279 sss_se05x_key_store_erase_key(se050_kstore, &k_object);
280 }
281
282- crypto_bignum_free(s->e);
283- crypto_bignum_free(s->d);
284- crypto_bignum_free(s->n);
285- crypto_bignum_free(s->p);
286- crypto_bignum_free(s->q);
287- crypto_bignum_free(s->qp);
288- crypto_bignum_free(s->dp);
289- crypto_bignum_free(s->dq);
290+ crypto_bignum_free(&s->e);
291+ crypto_bignum_free(&s->d);
292+ crypto_bignum_free(&s->n);
293+ crypto_bignum_free(&s->p);
294+ crypto_bignum_free(&s->q);
295+ crypto_bignum_free(&s->qp);
296+ crypto_bignum_free(&s->dp);
297+ crypto_bignum_free(&s->dq);
298 }
299
300 static TEE_Result do_gen_keypair(struct rsa_keypair *key, size_t kb)
301diff --git a/core/drivers/crypto/versal/ecc.c b/core/drivers/crypto/versal/ecc.c
302index 3d5454509..18ec4f78d 100644
303--- a/core/drivers/crypto/versal/ecc.c
304+++ b/core/drivers/crypto/versal/ecc.c
305@@ -284,9 +284,9 @@ static TEE_Result sign(uint32_t algo, struct ecc_keypair *key,
306
307 versal_mbox_alloc(bytes, NULL, &k);
308 crypto_bignum_bn2bin_eswap(key->curve, ephemeral.d, k.buf);
309- crypto_bignum_free(ephemeral.d);
310- crypto_bignum_free(ephemeral.x);
311- crypto_bignum_free(ephemeral.y);
312+ crypto_bignum_free(&ephemeral.d);
313+ crypto_bignum_free(&ephemeral.x);
314+ crypto_bignum_free(&ephemeral.y);
315
316 /* Private key*/
317 versal_mbox_alloc(bytes, NULL, &d);
318diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h
319index 71a287ec6..0e6c139ce 100644
320--- a/core/include/crypto/crypto.h
321+++ b/core/include/crypto/crypto.h
322@@ -98,7 +98,7 @@ size_t crypto_bignum_num_bytes(struct bignum *a);
323 size_t crypto_bignum_num_bits(struct bignum *a);
324 void crypto_bignum_bn2bin(const struct bignum *from, uint8_t *to);
325 void crypto_bignum_copy(struct bignum *to, const struct bignum *from);
326-void crypto_bignum_free(struct bignum *a);
327+void crypto_bignum_free(struct bignum **a);
328 void crypto_bignum_clear(struct bignum *a);
329
330 /* return -1 if a<b, 0 if a==b, +1 if a>b */
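Review bot: The changed prototype `void crypto_bignum_free(struct bignum **a);` has no comment, and the type alone does not state the new contract. A caller that holds a `void *`, as op_attr_bignum_free() in core/tee/tee_svc_cryp.c does, converts to the new parameter type without a diagnostic, so the requirement should be written down at the declaration. I would add above it `/* Frees *a and sets *a to NULL. a must not be NULL; *a may be NULL. */`, after confirming the last clause against every backend.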
331diff --git a/core/lib/libtomcrypt/dh.c b/core/lib/libtomcrypt/dh.c
332index 4eb9916f2..b1d0a4d00 100644
333--- a/core/lib/libtomcrypt/dh.c
334+++ b/core/lib/libtomcrypt/dh.c
335@@ -28,10 +28,10 @@ TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s,
336 goto err;
337 return TEE_SUCCESS;
338 err:
339- crypto_bignum_free(s->g);
340- crypto_bignum_free(s->p);
341- crypto_bignum_free(s->y);
342- crypto_bignum_free(s->x);
343+ crypto_bignum_free(&s->g);
344+ crypto_bignum_free(&s->p);
345+ crypto_bignum_free(&s->y);
346+ crypto_bignum_free(&s->x);
347 return TEE_ERROR_OUT_OF_MEMORY;
348 }
349
350diff --git a/core/lib/libtomcrypt/dsa.c b/core/lib/libtomcrypt/dsa.c
351index a2dc720ed..d6243c469 100644
352--- a/core/lib/libtomcrypt/dsa.c
353+++ b/core/lib/libtomcrypt/dsa.c
354@@ -30,10 +30,10 @@ TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s,
355 goto err;
356 return TEE_SUCCESS;
357 err:
358- crypto_bignum_free(s->g);
359- crypto_bignum_free(s->p);
360- crypto_bignum_free(s->q);
361- crypto_bignum_free(s->y);
362+ crypto_bignum_free(&s->g);
363+ crypto_bignum_free(&s->p);
364+ crypto_bignum_free(&s->q);
365+ crypto_bignum_free(&s->y);
366 return TEE_ERROR_OUT_OF_MEMORY;
367 }
368
369@@ -52,9 +52,9 @@ TEE_Result crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s,
370 goto err;
371 return TEE_SUCCESS;
372 err:
373- crypto_bignum_free(s->g);
374- crypto_bignum_free(s->p);
375- crypto_bignum_free(s->q);
376+ crypto_bignum_free(&s->g);
377+ crypto_bignum_free(&s->p);
378+ crypto_bignum_free(&s->q);
379 return TEE_ERROR_OUT_OF_MEMORY;
380 }
381
382diff --git a/core/lib/libtomcrypt/ecc.c b/core/lib/libtomcrypt/ecc.c
383index 938378247..fa645e17a 100644
384--- a/core/lib/libtomcrypt/ecc.c
385+++ b/core/lib/libtomcrypt/ecc.c
386@@ -18,8 +18,8 @@ static void _ltc_ecc_free_public_key(struct ecc_public_key *s)
387 if (!s)
388 return;
389
390- crypto_bignum_free(s->x);
391- crypto_bignum_free(s->y);
392+ crypto_bignum_free(&s->x);
393+ crypto_bignum_free(&s->y);
394 }
395
396 /*
397@@ -465,8 +465,8 @@ TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *s,
398 err:
399 s->ops = NULL;
400
401- crypto_bignum_free(s->d);
402- crypto_bignum_free(s->x);
403+ crypto_bignum_free(&s->d);
404+ crypto_bignum_free(&s->x);
405
406 return TEE_ERROR_OUT_OF_MEMORY;
407 }
408@@ -541,7 +541,7 @@ TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *s,
409 err:
410 s->ops = NULL;
411
412- crypto_bignum_free(s->x);
413+ crypto_bignum_free(&s->x);
414
415 return TEE_ERROR_OUT_OF_MEMORY;
416 }
417diff --git a/core/lib/libtomcrypt/mpi_desc.c b/core/lib/libtomcrypt/mpi_desc.c
418index 235fbe630..ff8dd13c7 100644
419--- a/core/lib/libtomcrypt/mpi_desc.c
420+++ b/core/lib/libtomcrypt/mpi_desc.c
421@@ -763,10 +763,13 @@ struct bignum *crypto_bignum_allocate(size_t size_bits)
422 return (struct bignum *)bn;
423 }
424
425-void crypto_bignum_free(struct bignum *s)
426+void crypto_bignum_free(struct bignum **s)
427 {
428- mbedtls_mpi_free((mbedtls_mpi *)s);
429- free(s);
430+ assert(s);
431+
432+ mbedtls_mpi_free((mbedtls_mpi *)*s);
433+ free(*s);
434+ *s = NULL;
435 }
436
437 void crypto_bignum_clear(struct bignum *s)
438diff --git a/core/lib/libtomcrypt/rsa.c b/core/lib/libtomcrypt/rsa.c
439index 8d0443f36..13ed23934 100644
440--- a/core/lib/libtomcrypt/rsa.c
441+++ b/core/lib/libtomcrypt/rsa.c
442@@ -131,7 +131,7 @@ TEE_Result sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s,
443 goto err;
444 return TEE_SUCCESS;
445 err:
446- crypto_bignum_free(s->e);
447+ crypto_bignum_free(&s->e);
448 return TEE_ERROR_OUT_OF_MEMORY;
449 }
450
451@@ -143,8 +143,8 @@ void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s)
452 {
453 if (!s)
454 return;
455- crypto_bignum_free(s->n);
456- crypto_bignum_free(s->e);
457+ crypto_bignum_free(&s->n);
458+ crypto_bignum_free(&s->e);
459 }
460
461
462@@ -155,14 +155,14 @@ void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
463 {
464 if (!s)
465 return;
466- crypto_bignum_free(s->e);
467- crypto_bignum_free(s->d);
468- crypto_bignum_free(s->n);
469- crypto_bignum_free(s->p);
470- crypto_bignum_free(s->q);
471- crypto_bignum_free(s->qp);
472- crypto_bignum_free(s->dp);
473- crypto_bignum_free(s->dq);
474+ crypto_bignum_free(&s->e);
475+ crypto_bignum_free(&s->d);
476+ crypto_bignum_free(&s->n);
477+ crypto_bignum_free(&s->p);
478+ crypto_bignum_free(&s->q);
479+ crypto_bignum_free(&s->qp);
480+ crypto_bignum_free(&s->dp);
481+ crypto_bignum_free(&s->dq);
482 }
483
484 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key,
485diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
486index 534e5ac39..880809753 100644
487--- a/core/tee/tee_svc_cryp.c
488+++ b/core/tee/tee_svc_cryp.c
489@@ -869,8 +869,7 @@ static void op_attr_bignum_free(void *attr)
490 {
491 struct bignum **bn = attr;
492
493- crypto_bignum_free(*bn);
494- *bn = NULL;
495+ crypto_bignum_free(bn);
496 }
497
498 static TEE_Result op_attr_value_from_user(void *attr, const void *buffer,
499@@ -3445,8 +3444,8 @@ TEE_Result syscall_cryp_derive_key(unsigned long state,
500 } else {
501 res = TEE_ERROR_OUT_OF_MEMORY;
502 }
503- crypto_bignum_free(pub);
504- crypto_bignum_free(ss);
505+ crypto_bignum_free(&pub);
506+ crypto_bignum_free(&ss);
507 } else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_ECDH) {
508 struct ecc_public_key key_public;
509 uint8_t *pt_secret;
510diff --git a/lib/libmbedtls/core/bignum.c b/lib/libmbedtls/core/bignum.c
511index 61f6c5c60..dea30f61a 100644
512--- a/lib/libmbedtls/core/bignum.c
513+++ b/lib/libmbedtls/core/bignum.c
514@@ -87,10 +87,13 @@ struct bignum *crypto_bignum_allocate(size_t size_bits)
515 return (struct bignum *)bn;
516 }
517
518-void crypto_bignum_free(struct bignum *s)
519+void crypto_bignum_free(struct bignum **s)
520 {
521- mbedtls_mpi_free((mbedtls_mpi *)s);
522- free(s);
523+ assert(s);
524+
525+ mbedtls_mpi_free((mbedtls_mpi *)*s);
526+ free(*s);
527+ *s = NULL;
528 }
529
530 void crypto_bignum_clear(struct bignum *s)
531diff --git a/lib/libmbedtls/core/dh.c b/lib/libmbedtls/core/dh.c
532index b3415aaa7..e95aa1495 100644
533--- a/lib/libmbedtls/core/dh.c
534+++ b/lib/libmbedtls/core/dh.c
535@@ -35,10 +35,10 @@ TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s,
536 goto err;
537 return TEE_SUCCESS;
538 err:
539- crypto_bignum_free(s->g);
540- crypto_bignum_free(s->p);
541- crypto_bignum_free(s->y);
542- crypto_bignum_free(s->x);
543+ crypto_bignum_free(&s->g);
544+ crypto_bignum_free(&s->p);
545+ crypto_bignum_free(&s->y);
546+ crypto_bignum_free(&s->x);
547 return TEE_ERROR_OUT_OF_MEMORY;
548 }
549
550diff --git a/lib/libmbedtls/core/ecc.c b/lib/libmbedtls/core/ecc.c
551index fd4a51b9d..46cd9fd1c 100644
552--- a/lib/libmbedtls/core/ecc.c
553+++ b/lib/libmbedtls/core/ecc.c
554@@ -40,8 +40,8 @@ static void ecc_free_public_key(struct ecc_public_key *s)
555 if (!s)
556 return;
557
558- crypto_bignum_free(s->x);
559- crypto_bignum_free(s->y);
560+ crypto_bignum_free(&s->x);
561+ crypto_bignum_free(&s->y);
562 }
563
564 /*
565@@ -484,8 +484,8 @@ TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *s,
566 return TEE_SUCCESS;
567
568 err:
569- crypto_bignum_free(s->d);
570- crypto_bignum_free(s->x);
571+ crypto_bignum_free(&s->d);
572+ crypto_bignum_free(&s->x);
573
574 return TEE_ERROR_OUT_OF_MEMORY;
575 }
576@@ -581,7 +581,7 @@ TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *s,
577 return TEE_SUCCESS;
578
579 err:
580- crypto_bignum_free(s->x);
581+ crypto_bignum_free(&s->x);
582
583 return TEE_ERROR_OUT_OF_MEMORY;
584 }
585diff --git a/lib/libmbedtls/core/rsa.c b/lib/libmbedtls/core/rsa.c
586index c3b5be509..a8aeb2c04 100644
587--- a/lib/libmbedtls/core/rsa.c
588+++ b/lib/libmbedtls/core/rsa.c
589@@ -183,7 +183,7 @@ TEE_Result sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s,
590 goto err;
591 return TEE_SUCCESS;
592 err:
593- crypto_bignum_free(s->e);
594+ crypto_bignum_free(&s->e);
595 return TEE_ERROR_OUT_OF_MEMORY;
596 }
597
598@@ -194,8 +194,8 @@ void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s)
599 {
600 if (!s)
601 return;
602- crypto_bignum_free(s->n);
603- crypto_bignum_free(s->e);
604+ crypto_bignum_free(&s->n);
605+ crypto_bignum_free(&s->e);
606 }
607
608 void crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
609@@ -205,14 +205,14 @@ void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
610 {
611 if (!s)
612 return;
613- crypto_bignum_free(s->e);
614- crypto_bignum_free(s->d);
615- crypto_bignum_free(s->n);
616- crypto_bignum_free(s->p);
617- crypto_bignum_free(s->q);
618- crypto_bignum_free(s->qp);
619- crypto_bignum_free(s->dp);
620- crypto_bignum_free(s->dq);
621+ crypto_bignum_free(&s->e);
622+ crypto_bignum_free(&s->d);
623+ crypto_bignum_free(&s->n);
624+ crypto_bignum_free(&s->p);
625+ crypto_bignum_free(&s->q);
626+ crypto_bignum_free(&s->qp);
627+ crypto_bignum_free(&s->dp);
628+ crypto_bignum_free(&s->dq);
629 }
630
631 TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key,
632--
6332.34.1
634