Fix ASAN error for `psa_cipher_update` The ASAN gives an error for `psa_cipher_update` when the `input_length` is 0 and the `input` buffer is `NULL`. The root cause of this issue is `mbedtls_cipher_update` always need a valid pointer for the input buffer even if the length is 0. This fix avoids the `mbedtls_cipher_update` to be called if the input buffer length is 0. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

commit: c25fbd2cc184399f179276fbbe7a95c41b11cfc1 [log] [tgz]
author: Gabor Mezei <gabor.mezei@arm.com> Mon Jan 29 13:33:58 2024 +0100
committer: Gabor Mezei <gabor.mezei@arm.com> Wed Feb 28 15:17:17 2024 +0000
tree: e3782a5da3a19f3f4e839ed1c4bba08f7f4d4c02
parent: b8f97a1f3f79908240604d097c9e2e4e4b0f6887 [diff] [blame]
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 3132854..d70a275 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c

@@ -532,7 +532,11 @@
                                        output_length);
     } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
-    {
+    if (input_length == 0) {
+        /* There is no input, nothing to be done */
+        *output_length = 0;
+        status = PSA_SUCCESS;
+    } else {
         status = mbedtls_to_psa_error(
             mbedtls_cipher_update(&operation->ctx.cipher, input,
                                   input_length, output, output_length));
commit	c25fbd2cc184399f179276fbbe7a95c41b11cfc1	[log] [tgz]
author	Gabor Mezei <gabor.mezei@arm.com>	Mon Jan 29 13:33:58 2024 +0100
committer	Gabor Mezei <gabor.mezei@arm.com>	Wed Feb 28 15:17:17 2024 +0000
tree	e3782a5da3a19f3f4e839ed1c4bba08f7f4d4c02
parent	b8f97a1f3f79908240604d097c9e2e4e4b0f6887 [diff] [blame]