Move structure init calls as early as possible

Signed-off-by: Paul Elliott <paul.elliott@arm.com>

library/psa_crypto.c

@@ -3539,6 +3539,8 @@ psa_status_t mbedtls_psa_sign_hash_start(
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
     defined(MBEDTLS_ECP_RESTARTABLE)
 
+    mbedtls_ecdsa_restart_init(&operation->restart_ctx);
+
     /* Ensure default is set even if
      * mbedtls_psa_interruptible_set_max_ops() has not been called. */
     mbedtls_psa_interruptible_set_max_ops(
@@ -3554,8 +3556,6 @@ psa_status_t mbedtls_psa_sign_hash_start(
         return status;
     }
 
-    mbedtls_ecdsa_restart_init(&operation->restart_ctx);
-
     operation->coordinate_bytes = PSA_BITS_TO_BYTES(
         operation->ctx->grp.nbits);
 
@@ -3594,22 +3594,22 @@ psa_status_t mbedtls_psa_sign_hash_complete(
     uint8_t *signature, size_t signature_size,
     size_t *signature_length)
 {
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
     defined(MBEDTLS_ECP_RESTARTABLE)
 
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi r;
     mbedtls_mpi s;
 
-    if (signature_size < 2 * operation->coordinate_bytes) {
-        return PSA_ERROR_BUFFER_TOO_SMALL;
-    }
-
     mbedtls_mpi_init(&r);
     mbedtls_mpi_init(&s);
 
+    if (signature_size < 2 * operation->coordinate_bytes) {
+        status = PSA_ERROR_BUFFER_TOO_SMALL;
+        goto exit;
+    }
+
     if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) {
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
@@ -3679,7 +3679,6 @@ exit:
  #else
 
     (void) operation;
-    (void) status;
     (void) signature;
     (void) signature_size;
     (void) signature_length;
@@ -3744,6 +3743,10 @@ psa_status_t mbedtls_psa_verify_hash_start(
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
     defined(MBEDTLS_ECP_RESTARTABLE)
 
+    mbedtls_ecdsa_restart_init(&operation->restart_ctx);
+    mbedtls_mpi_init(&operation->r);
+    mbedtls_mpi_init(&operation->s);
+
     /* Ensure default is set even if
      * mbedtls_psa_interruptible_set_max_ops() has not been called. */
     mbedtls_psa_interruptible_set_max_ops(
@@ -3765,7 +3768,6 @@ psa_status_t mbedtls_psa_verify_hash_start(
         return PSA_ERROR_INVALID_SIGNATURE;
     }
 
-    mbedtls_mpi_init(&operation->r);
     status = mbedtls_to_psa_error(
         mbedtls_mpi_read_binary(&operation->r,
                                 signature,
@@ -3775,7 +3777,6 @@ psa_status_t mbedtls_psa_verify_hash_start(
         return status;
     }
 
-    mbedtls_mpi_init(&operation->s);
     status = mbedtls_to_psa_error(
         mbedtls_mpi_read_binary(&operation->s,
                                 signature +
@@ -3792,8 +3793,6 @@ psa_status_t mbedtls_psa_verify_hash_start(
         return mbedtls_to_psa_error(ret);
     }
 
-    mbedtls_ecdsa_restart_init(&operation->restart_ctx);
-
     /* We only need to store the same length of hash as the private key size
      * here, it would be truncated by the internal implementation anyway. */
     required_hash_length = (hash_length < coordinate_bytes ? hash_length :