From 01d4b76b7eb1c0f1d2a436de37541a933417bafc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Dec 2018 12:09:07 +0100 Subject: [PATCH] Remove faulty cipher_finish calls from nist_kw The calls to cipher_finish didn't actually do anything: - the cipher mode is always ECB - in that case cipher_finish() only sets *olen to zero, and returns either 0 or an error depending on whether there was pending data - olen is a local variable in the caller, so setting it to zero right before returning is not essential - the return value of cipher_finis() was not checked by the caller so that's not useful either - the cipher layer does not have ALT implementations so the behaviour described above is unconditional on ALT implementations (in particular, cipher_finish() can't be useful to hardware as (with ECB) it doesn't call any functions from lower-level modules that could release resources for example) Since the calls are causing issues with parameter validation, and were no serving any functional purpose, it's simpler to just remove them. --- library/nist_kw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/nist_kw.c b/library/nist_kw.c index 176af9fe0..317a2426a 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -311,7 +311,7 @@ cleanup: } mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 ); mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 ); - mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen ); + return( ret ); } @@ -528,7 +528,7 @@ cleanup: mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) ); mbedtls_platform_zeroize( &diff, sizeof( diff ) ); mbedtls_platform_zeroize( A, sizeof( A ) ); - mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen ); + return( ret ); }