amp feedback

petermm · petermm · commit 21d6620176f6 · 2026-02-19T23:30:30.000+01:00
https://ampcode.com/threads/T-019c77b0-4180-77bd-aef8-37428d27e085 Signed-off-by: Peter M <petermm@gmail.com>
diff --git a/src/libAtomVM/otp_crypto.c b/src/libAtomVM/otp_crypto.c
@@ -21,8 +21,6 @@
 
 #include <otp_crypto.h>
 
-#include <stdio.h>
-
 #include <context.h>
 #include <defaultatoms.h>
 #include <globalcontext.h>
@@ -299,7 +297,7 @@ static term nif_crypto_hash(Context *ctx, int argc, term argv[])
     psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
     psa_status_t status = psa_hash_setup(&operation, alg);
     if (UNLIKELY(status != PSA_SUCCESS)) {
-        fprintf(stderr, "crypto:hash psa_hash_setup failed with status %d for alg 0x%08lx\n", (int) status, (unsigned long) alg);
+        TRACE("crypto:hash psa_hash_setup failed with status %d for alg 0x%08lx\n", (int) status, (unsigned long) alg);
         RAISE_ERROR(BADARG_ATOM);
     }
 
@@ -611,6 +609,9 @@ static term nif_crypto_crypto_one_time(Context *ctx, int argc, term argv[])
 #if MBEDTLS_VERSION_NUMBER >= 0x04000000
     bool encrypt = true;
     bool padding_pkcs7 = false;
+    psa_key_id_t key_id = 0;
+    void *temp_buf = NULL;
+    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
 
     if (term_is_list(flag_or_options)) {
         term encrypt_flag = interop_kv_get_value_default(
@@ -660,59 +661,45 @@ static term nif_crypto_crypto_one_time(Context *ctx, int argc, term argv[])
     psa_set_key_type(&attributes, key_type);
     psa_set_key_bits(&attributes, key_bits);
 
-    psa_key_id_t key_id;
     psa_status_t status = psa_import_key(&attributes, key_data, key_len, &key_id);
     if (UNLIKELY(status != PSA_SUCCESS)) {
-        free(allocated_key_data);
-        free(allocated_iv_data);
-        free(allocated_data_data);
         char err_msg[48];
         snprintf(err_msg, sizeof(err_msg), "key import err %d", (int) status);
-        RAISE_ERROR(make_crypto_error(__FILE__, __LINE__, err_msg, ctx));
+        error_atom = make_crypto_error(__FILE__, __LINE__, err_msg, ctx);
+        goto psa_error;
     }
 
     size_t output_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, data_size);
     if (!encrypt) {
         output_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, data_size);
     }
-    void *temp_buf = malloc(output_size);
+    temp_buf = malloc(output_size);
     if (IS_NULL_PTR(temp_buf)) {
-        psa_destroy_key(key_id);
         error_atom = OUT_OF_MEMORY_ATOM;
-        goto raise_error;
+        goto psa_error;
     }
 
     size_t output_len;
-    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     if (encrypt) {
         status = psa_cipher_encrypt_setup(&operation, key_id, alg);
     } else {
         status = psa_cipher_decrypt_setup(&operation, key_id, alg);
     }
     if (UNLIKELY(status != PSA_SUCCESS)) {
-        psa_destroy_key(key_id);
-        free(temp_buf);
-        free(allocated_key_data);
-        free(allocated_iv_data);
-        free(allocated_data_data);
         char err_msg[48];
         snprintf(err_msg, sizeof(err_msg), "cipher setup err %d", (int) status);
-        RAISE_ERROR(make_crypto_error(__FILE__, __LINE__, err_msg, ctx));
+        error_atom = make_crypto_error(__FILE__, __LINE__, err_msg, ctx);
+        goto psa_error;
     }
 
     // PSA rejects IVs for ECB; ignore IV to preserve legacy behavior.
     if (iv_len > 0 && alg != PSA_ALG_ECB_NO_PADDING) {
         status = psa_cipher_set_iv(&operation, iv_data, iv_len);
         if (UNLIKELY(status != PSA_SUCCESS)) {
-            psa_cipher_abort(&operation);
-            psa_destroy_key(key_id);
-            free(temp_buf);
-            free(allocated_key_data);
-            free(allocated_iv_data);
-            free(allocated_data_data);
             char err_msg[24];
             snprintf(err_msg, sizeof(err_msg), "IV err %d", (int) status);
-            RAISE_ERROR(make_crypto_error(__FILE__, __LINE__, err_msg, ctx));
+            error_atom = make_crypto_error(__FILE__, __LINE__, err_msg, ctx);
+            goto psa_error;
         }
     }
 
@@ -728,6 +715,9 @@ static term nif_crypto_crypto_one_time(Context *ctx, int argc, term argv[])
             psa_cipher_abort(&operation);
             psa_destroy_key(key_id);
             free(temp_buf);
+            if (allocated_key_data) {
+                memset(allocated_key_data, 0, key_len);
+            }
             free(allocated_key_data);
             free(allocated_iv_data);
             free(allocated_data_data);
@@ -742,34 +732,27 @@ static term nif_crypto_crypto_one_time(Context *ctx, int argc, term argv[])
     size_t update_len = 0;
     status = psa_cipher_update(&operation, data_data, process_size, temp_buf, output_size, &update_len);
     if (UNLIKELY(status != PSA_SUCCESS)) {
-        psa_cipher_abort(&operation);
-        psa_destroy_key(key_id);
-        free(temp_buf);
-        free(allocated_key_data);
-        free(allocated_iv_data);
-        free(allocated_data_data);
         char err_msg[24];
         snprintf(err_msg, sizeof(err_msg), "update err %d", (int) status);
-        RAISE_ERROR(make_crypto_error(__FILE__, __LINE__, err_msg, ctx));
+        error_atom = make_crypto_error(__FILE__, __LINE__, err_msg, ctx);
+        goto psa_error;
     }
 
     size_t finish_len = 0;
     status = psa_cipher_finish(&operation, (uint8_t *) temp_buf + update_len, output_size - update_len, &finish_len);
     if (UNLIKELY(status != PSA_SUCCESS)) {
-        psa_cipher_abort(&operation);
-        psa_destroy_key(key_id);
-        free(temp_buf);
-        free(allocated_key_data);
-        free(allocated_iv_data);
-        free(allocated_data_data);
         char err_msg[24];
         snprintf(err_msg, sizeof(err_msg), "finish err %d", (int) status);
-        RAISE_ERROR(make_crypto_error(__FILE__, __LINE__, err_msg, ctx));
+        error_atom = make_crypto_error(__FILE__, __LINE__, err_msg, ctx);
+        goto psa_error;
     }
     output_len = update_len + finish_len;
 
     psa_destroy_key(key_id);
 
+    if (allocated_key_data) {
+        memset(allocated_key_data, 0, key_len);
+    }
     free(allocated_key_data);
     free(allocated_iv_data);
     free(allocated_data_data);
@@ -783,6 +766,17 @@ static term nif_crypto_crypto_one_time(Context *ctx, int argc, term argv[])
     term out = term_from_literal_binary(temp_buf, output_len, &ctx->heap, ctx->global);
     free(temp_buf);
     return out;
+
+psa_error:
+    psa_cipher_abort(&operation);
+    if (key_id != 0) {
+        psa_destroy_key(key_id);
+    }
+    free(temp_buf);
+    if (allocated_key_data) {
+        memset(allocated_key_data, 0, key_len);
+    }
+    goto raise_error;
 #else
     mbedtls_operation_t operation;
     mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_NONE;
diff --git a/src/platforms/emscripten/src/lib/sys.c b/src/platforms/emscripten/src/lib/sys.c
@@ -183,6 +183,7 @@ void sys_init_platform(GlobalContext *glb)
     }
 #endif
 
+#if MBEDTLS_VERSION_NUMBER < 0x04000000
 #ifndef AVM_NO_SMP
     platform->entropy_mutex = smp_mutex_create();
     if (IS_NULL_PTR(platform->entropy_mutex)) {
@@ -195,6 +196,7 @@ void sys_init_platform(GlobalContext *glb)
 #endif
     platform->entropy_is_initialized = false;
     platform->random_is_initialized = false;
+#endif
 
     glb->platform_data = platform;
 }
@@ -204,12 +206,14 @@ void sys_free_platform(GlobalContext *glb)
     struct EmscriptenPlatformData *platform = glb->platform_data;
     pthread_cond_destroy(&platform->poll_cond);
     pthread_mutex_destroy(&platform->poll_mutex);
+#if MBEDTLS_VERSION_NUMBER < 0x04000000
     if (platform->random_is_initialized) {
         mbedtls_ctr_drbg_free(&platform->random_ctx);
     }
     if (platform->entropy_is_initialized) {
         mbedtls_entropy_free(&platform->entropy_ctx);
     }
+#endif
     free(platform);
 }
 
diff --git a/src/platforms/generic_unix/lib/sys.c b/src/platforms/generic_unix/lib/sys.c
@@ -584,7 +584,6 @@ void sys_init_platform(GlobalContext *global)
         AVM_ABORT();
     }
 #else
-#if MBEDTLS_VERSION_NUMBER < 0x04000000
 #ifndef AVM_NO_SMP
     platform->entropy_mutex = smp_mutex_create();
     if (IS_NULL_PTR(platform->entropy_mutex)) {
@@ -597,7 +596,6 @@ void sys_init_platform(GlobalContext *global)
 #endif
     platform->entropy_is_initialized = false;
     platform->random_is_initialized = false;
-#endif
 #endif
     otp_ssl_init(global);
 #endif
diff --git a/src/platforms/rp2/src/lib/rp2_sys.h b/src/platforms/rp2/src/lib/rp2_sys.h
@@ -30,8 +30,11 @@
 #include <pico/cond.h>
 #include <pico/util/queue.h>
 
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_NUMBER < 0x04000000
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
+#endif
 
 #pragma GCC diagnostic pop
 
@@ -82,6 +85,7 @@ struct RP2PlatformData
 #endif
     queue_t event_queue;
 
+#if MBEDTLS_VERSION_NUMBER < 0x04000000
 #ifndef AVM_NO_SMP
     Mutex *entropy_mutex;
 #endif
@@ -93,6 +97,10 @@ struct RP2PlatformData
 #endif
     mbedtls_ctr_drbg_context random_ctx;
     bool random_is_initialized;
+#else
+    char entropy_ctx;
+    char random_ctx;
+#endif
 };
 
 #endif
diff --git a/src/platforms/rp2/src/lib/sys.c b/src/platforms/rp2/src/lib/sys.c
@@ -98,6 +98,7 @@ void sys_init_platform(GlobalContext *glb)
     }
 #endif
 
+#if MBEDTLS_VERSION_NUMBER < 0x04000000
 #ifndef AVM_NO_SMP
     platform->entropy_mutex = smp_mutex_create();
     if (IS_NULL_PTR(platform->entropy_mutex)) {
@@ -111,6 +112,7 @@ void sys_init_platform(GlobalContext *glb)
 
     platform->entropy_is_initialized = false;
     platform->random_is_initialized = false;
+#endif
 }
 
 void sys_free_platform(GlobalContext *glb)
@@ -122,6 +124,7 @@ void sys_free_platform(GlobalContext *glb)
     struct RP2PlatformData *platform = glb->platform_data;
     queue_free(&platform->event_queue);
 
+#if MBEDTLS_VERSION_NUMBER < 0x04000000
     if (platform->random_is_initialized) {
         mbedtls_ctr_drbg_free(&platform->random_ctx);
     }
@@ -133,6 +136,7 @@ void sys_free_platform(GlobalContext *glb)
 #ifndef AVM_NO_SMP
     smp_mutex_destroy(platform->entropy_mutex);
     smp_mutex_destroy(platform->random_mutex);
+#endif
 #endif
 
     free(platform);

Original file line number	Diff line number	Diff line change
`@@ -183,6 +183,7 @@ void sys_init_platform(GlobalContext *glb)`
`183`	`183`	`}`
`184`	`184`	`#endif`
`185`	`185`
	`186`	`+#if MBEDTLS_VERSION_NUMBER < 0x04000000`
`186`	`187`	`#ifndef AVM_NO_SMP`
`187`	`188`	`platform->entropy_mutex = smp_mutex_create();`
`188`	`189`	`if (IS_NULL_PTR(platform->entropy_mutex)) {`
`@@ -195,6 +196,7 @@ void sys_init_platform(GlobalContext *glb)`
`195`	`196`	`#endif`
`196`	`197`	`platform->entropy_is_initialized = false;`
`197`	`198`	`platform->random_is_initialized = false;`
	`199`	`+#endif`
`198`	`200`
`199`	`201`	`glb->platform_data = platform;`
`200`	`202`	`}`
`@@ -204,12 +206,14 @@ void sys_free_platform(GlobalContext *glb)`
`204`	`206`	`struct EmscriptenPlatformData *platform = glb->platform_data;`
`205`	`207`	`pthread_cond_destroy(&platform->poll_cond);`
`206`	`208`	`pthread_mutex_destroy(&platform->poll_mutex);`
	`209`	`+#if MBEDTLS_VERSION_NUMBER < 0x04000000`
`207`	`210`	`if (platform->random_is_initialized) {`
`208`	`211`	`mbedtls_ctr_drbg_free(&platform->random_ctx);`
`209`	`212`	`}`
`210`	`213`	`if (platform->entropy_is_initialized) {`
`211`	`214`	`mbedtls_entropy_free(&platform->entropy_ctx);`
`212`	`215`	`}`
	`216`	`+#endif`
`213`	`217`	`free(platform);`
`214`	`218`	`}`
`215`	`219`