diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 829ed452b0815eeb58196855e36f0ce32ffd3c13..603651482e234d3042a5c8f6b00bd075c7ed9dd9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1405,6 +1405,7 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + psa_key_attributes_t attributes; /* Reject a zero-length output buffer now, since this can never be a * valid key representation. This way we know that data must be a valid @@ -1429,9 +1430,7 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; status = psa_driver_wrapper_export_public_key( &attributes, slot->key.data, slot->key.bytes, data, data_size, data_length ); @@ -2343,6 +2342,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; + psa_key_attributes_t attributes; /* A context must be freshly initialized before it can be set up. */ if( operation->id != 0 ) @@ -2359,10 +2359,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; - + attributes.core = slot->attr; status = psa_mac_finalize_alg_and_key_validation( alg, &attributes, &operation->mac_size ); if( status != PSA_SUCCESS ) @@ -2537,6 +2534,7 @@ static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; uint8_t operation_mac_size = 0; + psa_key_attributes_t attributes; status = psa_get_and_lock_key_slot_with_policy( key, @@ -2546,9 +2544,7 @@ static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; status = psa_mac_finalize_alg_and_key_validation( alg, &attributes, &operation_mac_size ); @@ -2675,6 +2671,7 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + psa_key_attributes_t attributes; *signature_length = 0; @@ -2704,9 +2701,7 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; if( input_is_message ) { @@ -3286,6 +3281,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ? PSA_KEY_USAGE_ENCRYPT : PSA_KEY_USAGE_DECRYPT ); + psa_key_attributes_t attributes; /* A context must be freshly initialized before it can be set up. */ if( operation->id != 0 ) @@ -3315,9 +3311,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->iv_required = 1; operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ); - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; /* Try doing the operation through a driver before using software fallback. */ if( cipher_operation == MBEDTLS_ENCRYPT ) @@ -3552,6 +3546,7 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key, psa_key_slot_t *slot = NULL; uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE]; size_t default_iv_length = 0; + psa_key_attributes_t attributes; if( ! PSA_ALG_IS_CIPHER( alg ) ) { @@ -3565,9 +3560,7 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ); if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE ) @@ -3623,6 +3616,7 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; + psa_key_attributes_t attributes; if( ! PSA_ALG_IS_CIPHER( alg ) ) { @@ -3636,9 +3630,7 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) ) { @@ -3829,6 +3821,7 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; psa_key_usage_t key_usage = 0; + psa_key_attributes_t attributes; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { @@ -3859,9 +3852,7 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; if( is_encrypt ) status = psa_driver_wrapper_aead_encrypt_setup( operation, @@ -4781,6 +4772,7 @@ static psa_status_t psa_generate_derived_key_internal( size_t bytes = PSA_BITS_TO_BYTES( bits ); size_t storage_size = bytes; psa_status_t status; + psa_key_attributes_t attributes; if( ! key_type_is_raw_bytes( slot->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -4799,9 +4791,7 @@ static psa_status_t psa_generate_derived_key_internal( #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ slot->attr.bits = (psa_key_bits_t) bits; - psa_key_attributes_t attributes = { - .core = slot->attr - }; + attributes.core = slot->attr; if( psa_key_lifetime_is_external( attributes.core.lifetime ) ) { @@ -5372,14 +5362,16 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, size_t shared_secret_size, size_t *shared_secret_length ) { + mbedtls_ecp_keypair *ecp; + psa_status_t status; switch( alg ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) case PSA_ALG_ECDH: if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - mbedtls_ecp_keypair *ecp = NULL; - psa_status_t status = mbedtls_psa_ecp_load_representation( + ecp = NULL; + status = mbedtls_psa_ecp_load_representation( private_key->attr.type, private_key->attr.bits, private_key->key.data, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 8d86478624cbf7a212caf6dfff8f90ef45c76c6a..334dfbcd0b599577397d0dc6174dda74cfb758b4 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1157,9 +1157,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#else /* MBEDTLS_PSA_BUILTIN_CIPHER */ return( PSA_ERROR_NOT_SUPPORTED ); - +#endif /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST)