Move operation buffer in operation struct and remove dynamic allocation

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

include/psa/crypto_extra.h

@@ -1829,7 +1829,7 @@ psa_status_t psa_pake_abort( psa_pake_operation_t * operation );
  */
 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
 #define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, 0, 0,              \
-                                 MBEDTLS_SVC_KEY_ID_INIT, 0, NULL, 0, 0, \
+                                 MBEDTLS_SVC_KEY_ID_INIT, 0, {0}, 0, 0, \
                                  {.dummy = 0}}
 #else
 #define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, {0}}
@@ -1905,6 +1905,7 @@ static inline void psa_pake_cs_set_hash( psa_pake_cipher_suite_t *cipher_suite,
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
 #include <mbedtls/ecjpake.h>
+#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 )
 #endif
 
 struct psa_pake_operation_s
@@ -1917,7 +1918,7 @@ struct psa_pake_operation_s
     unsigned int MBEDTLS_PRIVATE(output_step);
     mbedtls_svc_key_id_t MBEDTLS_PRIVATE(password);
     psa_pake_role_t MBEDTLS_PRIVATE(role);
-    uint8_t *MBEDTLS_PRIVATE(buffer);
+    uint8_t MBEDTLS_PRIVATE(buffer[PSA_PAKE_BUFFER_SIZE]);
     size_t MBEDTLS_PRIVATE(buffer_length);
     size_t MBEDTLS_PRIVATE(buffer_offset);
 #endif

library/psa_crypto_pake.c

@@ -33,10 +33,6 @@
 #include <mbedtls/error.h>
 #include <string.h>
 
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 )
-#endif
-
 /*
  * State sequence:
  *
@@ -234,7 +230,7 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation,
         operation->input_step = PSA_PAKE_STEP_X1_X2;
         operation->output_step = PSA_PAKE_STEP_X1_X2;
 
-        operation->buffer = NULL;
+        mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
         operation->buffer_length = 0;
         operation->buffer_offset = 0;
 
@@ -383,10 +379,6 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
     if( ret != 0 )
         return( mbedtls_ecjpake_to_psa_error( ret ) );
 
-    operation->buffer = mbedtls_calloc( 1, PSA_PAKE_BUFFER_SIZE );
-    if( operation->buffer == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
     operation->state = PSA_PAKE_STATE_READY;
 
     return( PSA_SUCCESS );
@@ -428,8 +420,7 @@ psa_status_t psa_pake_output( psa_pake_operation_t *operation,
         }
 
         if( operation->state >= PSA_PAKE_STATE_READY &&
-            ( mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 ||
+            mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 )
-              operation->buffer == NULL ) )
         {
             return( PSA_ERROR_BAD_STATE );
         }
@@ -612,8 +603,7 @@ psa_status_t psa_pake_input( psa_pake_operation_t *operation,
         }
 
         if( operation->state >= PSA_PAKE_STATE_READY &&
-            ( mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 ||
+            mbedtls_ecjpake_check( &operation->ctx.ecjpake ) != 0 )
-              operation->buffer == NULL ) )
         {
             return( PSA_ERROR_BAD_STATE );
         }
@@ -794,8 +784,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation)
         operation->output_step = 0;
         operation->password = MBEDTLS_SVC_KEY_ID_INIT;
         operation->role = 0;
-        mbedtls_free( operation->buffer );
+        mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
-        operation->buffer = NULL;
         operation->buffer_length = 0;
         operation->buffer_offset = 0;
         mbedtls_ecjpake_free( &operation->ctx.ecjpake );