Remove unrequired mpis from sign operation struct
These are only used at the output stage.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index 8000242..44fa6de 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -123,9 +123,6 @@
const uint8_t *MBEDTLS_PRIVATE(hash);
size_t MBEDTLS_PRIVATE(hash_length);
- mbedtls_mpi MBEDTLS_PRIVATE(r);
- mbedtls_mpi MBEDTLS_PRIVATE(s);
-
#else
/* Make the struct non-empty if algs not supported. */
unsigned MBEDTLS_PRIVATE(dummy);
@@ -138,8 +135,7 @@
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
defined(MBEDTLS_ECP_RESTARTABLE)
-#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, { 0 }, \
- { 0 } }
+#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0 }
#else
#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
#endif
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 748cb13..78d8702 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3511,9 +3511,6 @@
mbedtls_ecdsa_restart_init(&operation->restart_ctx);
- mbedtls_mpi_init(&operation->r);
- mbedtls_mpi_init(&operation->s);
-
operation->curve_bytes = PSA_BITS_TO_BYTES(
operation->ctx->grp.pbits);
@@ -3547,6 +3544,8 @@
size_t *signature_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi r;
+ mbedtls_mpi s;
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
@@ -3556,13 +3555,16 @@
return PSA_ERROR_BUFFER_TOO_SMALL;
}
+ mbedtls_mpi_init(&r);
+ mbedtls_mpi_init(&s);
if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) {
+
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
status = mbedtls_to_psa_error(
mbedtls_ecdsa_sign_det_restartable(&operation->ctx->grp,
- &operation->r,
- &operation->s,
+ &r,
+ &s,
&operation->ctx->d,
operation->hash,
operation->hash_length,
@@ -3577,8 +3579,8 @@
status = mbedtls_to_psa_error(
mbedtls_ecdsa_sign_restartable(&operation->ctx->grp,
- &operation->r,
- &operation->s,
+ &r,
+ &s,
&operation->ctx->d,
operation->hash,
operation->hash_length,
@@ -3593,7 +3595,7 @@
return status;
} else {
status = mbedtls_to_psa_error(
- mbedtls_mpi_write_binary(&operation->r,
+ mbedtls_mpi_write_binary(&r,
signature,
operation->curve_bytes));
@@ -3602,7 +3604,7 @@
}
status = mbedtls_to_psa_error(
- mbedtls_mpi_write_binary(&operation->s,
+ mbedtls_mpi_write_binary(&s,
signature +
operation->curve_bytes,
operation->curve_bytes));
@@ -3645,9 +3647,6 @@
mbedtls_ecdsa_restart_free(&operation->restart_ctx);
- mbedtls_mpi_free(&operation->r);
- mbedtls_mpi_free(&operation->s);
-
return PSA_SUCCESS;
#else