Move operation buffer in operation struct and remove dynamic allocation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index e625f0d..3330bf6 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1829,7 +1829,7 @@
*/
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
#define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, 0, 0, \
- MBEDTLS_SVC_KEY_ID_INIT, 0, NULL, 0, 0, \
+ MBEDTLS_SVC_KEY_ID_INIT, 0, {0}, 0, 0, \
{.dummy = 0}}
#else
#define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, {0}}
@@ -1905,6 +1905,7 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
#include <mbedtls/ecjpake.h>
+#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 )
#endif
struct psa_pake_operation_s
@@ -1917,7 +1918,7 @@
unsigned int MBEDTLS_PRIVATE(output_step);
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(password);
psa_pake_role_t MBEDTLS_PRIVATE(role);
- uint8_t *MBEDTLS_PRIVATE(buffer);
+ uint8_t MBEDTLS_PRIVATE(buffer[PSA_PAKE_BUFFER_SIZE]);
size_t MBEDTLS_PRIVATE(buffer_length);
size_t MBEDTLS_PRIVATE(buffer_offset);
#endif
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index f7be687..1fd9129 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -33,10 +33,6 @@
#include <mbedtls/error.h>
#include <string.h>
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 )
-#endif
-
/*
* State sequence:
*
@@ -234,7 +230,7 @@
operation->input_step = PSA_PAKE_STEP_X1_X2;
operation->output_step = PSA_PAKE_STEP_X1_X2;
- operation->buffer = NULL;
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
operation->buffer_length = 0;
operation->buffer_offset = 0;
@@ -383,10 +379,6 @@
if( ret != 0 )
return( mbedtls_ecjpake_to_psa_error( ret ) );
- operation->buffer = mbedtls_calloc( 1, PSA_PAKE_BUFFER_SIZE );
- if( operation->buffer == NULL )
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
operation->state = PSA_PAKE_STATE_READY;
return( PSA_SUCCESS );
@@ -428,8 +420,7 @@
}
if( operation->state >= PSA_PAKE_STATE_READY &&
- ( mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 ||
- operation->buffer == NULL ) )
+ mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 )
{
return( PSA_ERROR_BAD_STATE );
}
@@ -612,8 +603,7 @@
}
if( operation->state >= PSA_PAKE_STATE_READY &&
- ( mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 ||
- operation->buffer == NULL ) )
+ mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 )
{
return( PSA_ERROR_BAD_STATE );
}
@@ -794,8 +784,7 @@
operation->output_step = 0;
operation->password = MBEDTLS_SVC_KEY_ID_INIT;
operation->role = 0;
- mbedtls_free( operation->buffer );
- operation->buffer = NULL;
+ mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
operation->buffer_length = 0;
operation->buffer_offset = 0;
mbedtls_ecjpake_free( &operation->ctx.ecjpake );