Fix struct initialization

Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2021-04-12 15:47:35 +02:00
parent c5c8d38d80
commit f67d8af106
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD
2 changed files with 17 additions and 14 deletions

View file

@ -113,7 +113,10 @@ typedef struct {
psa_algorithm_t alg;
uint8_t iv_length;
uint8_t block_length;
mbedtls_cipher_context_t cipher;
union {
unsigned int initialised;
mbedtls_cipher_context_t cipher;
} ctx;
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}

View file

@ -165,7 +165,7 @@ static psa_status_t cipher_setup(
/* Proceed with initializing an mbed TLS cipher context if no driver is
* available for the given algorithm & key. */
mbedtls_cipher_init( &operation->cipher );
mbedtls_cipher_init( &operation->ctx.cipher );
operation->alg = alg;
key_bits = attributes->core.bits;
@ -174,7 +174,7 @@ static psa_status_t cipher_setup(
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
ret = mbedtls_cipher_setup( &operation->cipher, cipher_info );
ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
if( ret != 0 )
goto exit;
@ -185,14 +185,14 @@ static psa_status_t cipher_setup(
uint8_t keys[24];
memcpy( keys, key_buffer, 16 );
memcpy( keys + 16, key_buffer, 8 );
ret = mbedtls_cipher_setkey( &operation->cipher,
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
keys,
192, cipher_operation );
}
else
#endif
{
ret = mbedtls_cipher_setkey( &operation->cipher, key_buffer,
ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
(int) key_bits, cipher_operation );
}
if( ret != 0 )
@ -203,11 +203,11 @@ static psa_status_t cipher_setup(
switch( alg )
{
case PSA_ALG_CBC_NO_PADDING:
ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_NONE );
break;
case PSA_ALG_CBC_PKCS7:
ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_PKCS7 );
break;
default:
@ -256,7 +256,7 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
return( PSA_ERROR_INVALID_ARGUMENT );
return( mbedtls_to_psa_error(
mbedtls_cipher_set_iv( &operation->cipher,
mbedtls_cipher_set_iv( &operation->ctx.cipher,
iv, iv_length ) ) );
}
@ -365,7 +365,7 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
* the last partial block, if any. You get the data that will be
* output in this call. */
expected_output_size =
( operation->cipher.unprocessed_len + input_length )
( operation->ctx.cipher.unprocessed_len + input_length )
/ operation->block_length * operation->block_length;
}
else
@ -381,7 +381,7 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
/* mbedtls_cipher_update has an API inconsistency: it will only
* process a single block at a time in ECB mode. Abstract away that
* inconsistency here to match the PSA API behaviour. */
status = psa_cipher_update_ecb( &operation->cipher,
status = psa_cipher_update_ecb( &operation->ctx.cipher,
input,
input_length,
output,
@ -391,7 +391,7 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
else
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( &operation->cipher, input,
mbedtls_cipher_update( &operation->ctx.cipher, input,
input_length, output, output_length ) );
}
@ -406,7 +406,7 @@ static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
if( operation->cipher.unprocessed_len != 0 )
if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
operation->alg == PSA_ALG_CBC_NO_PADDING )
@ -417,7 +417,7 @@ static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
}
status = mbedtls_to_psa_error(
mbedtls_cipher_finish( &operation->cipher,
mbedtls_cipher_finish( &operation->ctx.cipher,
temp_output_buffer,
output_length ) );
if( status != PSA_SUCCESS )
@ -444,7 +444,7 @@ static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
return( PSA_ERROR_BAD_STATE );
mbedtls_cipher_free( &operation->cipher );
mbedtls_cipher_free( &operation->ctx.cipher );
return( PSA_SUCCESS );
}