diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2b9c8a29ff..cf4cc23cd3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1535,6 +1535,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + psa_key_attributes_t attributes; /* Reject a zero-length output buffer now, since this can never be a * valid key representation. This way we know that data must be a valid @@ -1560,7 +1561,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; status = psa_driver_wrapper_export_public_key( @@ -2509,6 +2510,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; + psa_key_attributes_t attributes; /* A context must be freshly initialized before it can be set up. */ if (operation->id != 0) { @@ -2525,7 +2527,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -2695,6 +2697,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; uint8_t operation_mac_size = 0; + psa_key_attributes_t attributes; status = psa_get_and_lock_key_slot_with_policy( key, @@ -2705,7 +2708,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -2831,6 +2834,7 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + psa_key_attributes_t attributes; *signature_length = 0; @@ -2862,7 +2866,7 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -3165,6 +3169,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + psa_key_attributes_t attributes; (void) input; (void) input_length; @@ -3189,7 +3194,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -3216,6 +3221,7 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + psa_key_attributes_t attributes; (void) input; (void) input_length; @@ -3239,7 +3245,7 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -3313,6 +3319,7 @@ psa_status_t psa_sign_hash_start( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; + psa_key_attributes_t attributes; /* Check that start has not been previously called, or operation has not * previously errored. */ @@ -3339,7 +3346,7 @@ psa_status_t psa_sign_hash_start( goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -4020,6 +4027,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ? PSA_KEY_USAGE_ENCRYPT : PSA_KEY_USAGE_DECRYPT); + psa_key_attributes_t attributes; /* A context must be freshly initialized before it can be set up. */ if (operation->id != 0) { @@ -4049,7 +4057,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, } operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -4275,6 +4283,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, psa_key_slot_t *slot = NULL; uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE]; size_t default_iv_length = 0; + psa_key_attributes_t attributes; if (!PSA_ALG_IS_CIPHER(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -4288,7 +4297,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -4345,6 +4354,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; + psa_key_attributes_t attributes; if (!PSA_ALG_IS_CIPHER(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -4358,7 +4368,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -4612,6 +4622,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; psa_key_usage_t key_usage = 0; + psa_key_attributes_t attributes; status = psa_aead_check_algorithm(alg); if (status != PSA_SUCCESS) { @@ -4641,7 +4652,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -5793,6 +5804,8 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( mbedtls_mpi diff_N_2; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t m; + size_t m_bytes; mbedtls_mpi_init(&k); mbedtls_mpi_init(&diff_N_2); @@ -5814,9 +5827,9 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( /* N is the boundary of the private key domain (ecp_group.N). */ /* Let m be the bit size of N. */ - size_t m = ecp_group.nbits; + m = ecp_group.nbits; - size_t m_bytes = PSA_BITS_TO_BYTES(m); + m_bytes = PSA_BITS_TO_BYTES(m); /* Calculate N - 2 - it will be needed later. */ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&diff_N_2, &ecp_group.N, 2)); @@ -5959,6 +5972,7 @@ static psa_status_t psa_generate_derived_key_internal( size_t bytes = PSA_BITS_TO_BYTES(bits); size_t storage_size = bytes; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes; if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) { return PSA_ERROR_INVALID_ARGUMENT; @@ -6013,7 +6027,7 @@ static psa_status_t psa_generate_derived_key_internal( } slot->attr.bits = (psa_key_bits_t) bits; - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; @@ -7114,6 +7128,7 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; + size_t expected_length; if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -7133,7 +7148,7 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, * PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot. * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily * be exact for it as well. */ - size_t expected_length = + expected_length = PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits); if (output_size < expected_length) { status = PSA_ERROR_BUFFER_TOO_SMALL; @@ -7789,6 +7804,8 @@ psa_status_t psa_pake_set_password_key( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; + psa_key_attributes_t attributes; + psa_key_type_t type; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -7802,11 +7819,11 @@ psa_status_t psa_pake_set_password_key( goto exit; } - psa_key_attributes_t attributes = { + attributes = (psa_key_attributes_t) { .core = slot->attr }; - psa_key_type_t type = psa_get_key_type(&attributes); + type = psa_get_key_type(&attributes); if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) {