Fix struct initialization
Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index 20451c9..260619c 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -104,7 +104,10 @@
psa_algorithm_t MBEDTLS_PRIVATE(alg);
uint8_t MBEDTLS_PRIVATE(iv_length);
uint8_t MBEDTLS_PRIVATE(block_length);
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
+ union {
+ unsigned int MBEDTLS_PRIVATE(initialised);
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
+ } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index b018e2a..6c696df 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -162,7 +162,7 @@
/* Proceed with initializing an mbed TLS cipher context if no driver is
* available for the given algorithm & key. */
- mbedtls_cipher_init( &operation->cipher );
+ mbedtls_cipher_init( &operation->ctx.cipher );
operation->alg = alg;
key_bits = attributes->core.bits;
@@ -171,7 +171,7 @@
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- ret = mbedtls_cipher_setup( &operation->cipher, cipher_info );
+ ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
if( ret != 0 )
goto exit;
@@ -182,14 +182,14 @@
uint8_t keys[24];
memcpy( keys, key_buffer, 16 );
memcpy( keys + 16, key_buffer, 8 );
- ret = mbedtls_cipher_setkey( &operation->cipher,
+ ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
keys,
192, cipher_operation );
}
else
#endif
{
- ret = mbedtls_cipher_setkey( &operation->cipher, key_buffer,
+ ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
(int) key_bits, cipher_operation );
}
if( ret != 0 )
@@ -200,11 +200,11 @@
switch( alg )
{
case PSA_ALG_CBC_NO_PADDING:
- ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
+ ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_NONE );
break;
case PSA_ALG_CBC_PKCS7:
- ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
+ ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_PKCS7 );
break;
default:
@@ -253,7 +253,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
return( mbedtls_to_psa_error(
- mbedtls_cipher_set_iv( &operation->cipher,
+ mbedtls_cipher_set_iv( &operation->ctx.cipher,
iv, iv_length ) ) );
}
@@ -362,7 +362,7 @@
* the last partial block, if any. You get the data that will be
* output in this call. */
expected_output_size =
- ( operation->cipher.unprocessed_len + input_length )
+ ( operation->ctx.cipher.unprocessed_len + input_length )
/ operation->block_length * operation->block_length;
}
else
@@ -378,7 +378,7 @@
/* mbedtls_cipher_update has an API inconsistency: it will only
* process a single block at a time in ECB mode. Abstract away that
* inconsistency here to match the PSA API behaviour. */
- status = psa_cipher_update_ecb( &operation->cipher,
+ status = psa_cipher_update_ecb( &operation->ctx.cipher,
input,
input_length,
output,
@@ -388,7 +388,7 @@
else
{
status = mbedtls_to_psa_error(
- mbedtls_cipher_update( &operation->cipher, input,
+ mbedtls_cipher_update( &operation->ctx.cipher, input,
input_length, output, output_length ) );
}
@@ -403,7 +403,7 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
- if( operation->cipher.unprocessed_len != 0 )
+ if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
operation->alg == PSA_ALG_CBC_NO_PADDING )
@@ -414,7 +414,7 @@
}
status = mbedtls_to_psa_error(
- mbedtls_cipher_finish( &operation->cipher,
+ mbedtls_cipher_finish( &operation->ctx.cipher,
temp_output_buffer,
output_length ) );
if( status != PSA_SUCCESS )
@@ -441,7 +441,7 @@
if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
return( PSA_ERROR_BAD_STATE );
- mbedtls_cipher_free( &operation->cipher );
+ mbedtls_cipher_free( &operation->ctx.cipher );
return( PSA_SUCCESS );
}