commit d4eab5793395029d0fa42a24ecb6c55c45c3c25c
author Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com> Mon Jan 17 16:20:10 2022 +0100
committer Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com> Mon Jan 31 15:38:29 2022 +0100
tree fa75a4221870f0c2dcd03b4bb18523cf0e8d9692
parent ce09e7d868dbe71b99505da4c99bfe3ffc0e3bd8

Skip psa encryption/decryption for null cipher

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 0eab9be..c9f75de 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -724,32 +724,38 @@
                                     rec->data_len, 0 ) );
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        status = psa_cipher_encrypt_setup( &cipher_op,
-                                     transform->psa_key_enc, transform->psa_alg );
+        /* Skip psa encryption for null cipher */
+        if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER )
+        {
+            status = psa_cipher_encrypt_setup( &cipher_op,
+                                        transform->psa_key_enc, transform->psa_alg );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen );
+            status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        status = psa_cipher_update( &cipher_op,
-                                    data, rec->data_len,
-                                    data, rec->data_len, &olen );
+            status = psa_cipher_update( &cipher_op,
+                                        data, rec->data_len,
+                                        data, rec->data_len, &olen );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        status = psa_cipher_finish( &cipher_op,
-                                    data + olen, rec->data_len - olen,
-                                    &part_len );
+            status = psa_cipher_finish( &cipher_op,
+                                        data + olen, rec->data_len - olen,
+                                        &part_len );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        olen += part_len;
+            olen += part_len;
+        } else {
+            olen = rec->data_len;
+        }
 #else
         if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
                                    transform->iv_enc, transform->ivlen,
@@ -956,7 +962,7 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         status = psa_cipher_encrypt_setup( &cipher_op,
-                                     transform->psa_key_enc, transform->psa_alg );
+                                    transform->psa_key_enc, transform->psa_alg );
 
         if( status != PSA_SUCCESS )
             return( psa_status_to_mbedtls( status ) );
@@ -1135,32 +1141,38 @@
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        status = psa_cipher_decrypt_setup( &cipher_op,
-                                     transform->psa_key_dec, transform->psa_alg );
+        /* Skip psa decryption for null cipher */
+        if ( transform->psa_alg != MBEDTLS_SSL_NULL_CIPHER )
+        {
+            status = psa_cipher_decrypt_setup( &cipher_op,
+                                        transform->psa_key_dec, transform->psa_alg );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen );
+            status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        status = psa_cipher_update( &cipher_op,
-                                    data, rec->data_len,
-                                    data, rec->data_len, &olen );
+            status = psa_cipher_update( &cipher_op,
+                                        data, rec->data_len,
+                                        data, rec->data_len, &olen );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        status = psa_cipher_finish( &cipher_op,
-                                    data + olen, rec->data_len - olen,
-                                    &part_len );
+            status = psa_cipher_finish( &cipher_op,
+                                        data + olen, rec->data_len - olen,
+                                        &part_len );
 
-        if( status != PSA_SUCCESS )
-            return( psa_status_to_mbedtls( status ) );
+            if( status != PSA_SUCCESS )
+                return( psa_status_to_mbedtls( status ) );
 
-        olen += part_len;
+            olen += part_len;
+        } else {
+            olen = rec->data_len;
+        }
 #else
 
         if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
@@ -1460,7 +1472,7 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         status = psa_cipher_decrypt_setup( &cipher_op,
-                                     transform->psa_key_dec, transform->psa_alg );
+                                    transform->psa_key_dec, transform->psa_alg );
 
         if( status != PSA_SUCCESS )
             return( psa_status_to_mbedtls( status ) );