TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / e55f3e8de4cdb9e2d5580114d303ede28b0af9b3^! / . / library / psa_crypto.c
commite55f3e8de4cdb9e2d5580114d303ede28b0af9b3[log] [tgz]
authorSteven Cooreman <steven.cooreman@silabs.com>Wed Sep 09 18:41:07 2020 +0200
committerSteven Cooreman <steven.cooreman@silabs.com>Mon Sep 14 16:35:33 2020 +0200
tree90e66b959fdadd882c7fe1784345470fa4ce3bef
parentb5e52f2e31dcb0a232d9868569ab73eea14c2b4e [diff] [blame]
Make sure to not call mbedtls_cipher_free on an uninitialised context

As pointed out by Gilles

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d8c6c1e..647ca62 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -4101,12 +4101,18 @@
                                                           slot,
                                                           alg );
 
-    if( status == PSA_SUCCESS )
-        operation->accelerator_set = 1;
-
     if( status != PSA_ERROR_NOT_SUPPORTED ||
         psa_key_lifetime_is_external( slot->attr.lifetime ) )
+    {
+        /* Indicate this operation is bound to an accelerator. When the driver
+         * setup succeeded, this indicates to the core to not call any mbedtls_
+         * functions for this operation (contexts are not interoperable).
+         * In case the drivers couldn't setup and there's no way to fallback,
+         * indicate to the core to not call mbedtls_cipher_free on an
+         * uninitialised mbed TLS cipher context. */
+        operation->accelerator_set = 1;
         goto exit;
+    }
 
     /* Proceed with initializing mbed TLS cipher context if no accelerator is
      * available for the given algorithm & key. */