Remove faulty cipher_finish calls from nist_kw

The calls to cipher_finish didn't actually do anything:
- the cipher mode is always ECB
- in that case cipher_finish() only sets *olen to zero, and returns either 0
  or an error depending on whether there was pending data
- olen is a local variable in the caller, so setting it to zero right before
  returning is not essential
- the return value of cipher_finis() was not checked by the caller so that's
  not useful either
- the cipher layer does not have ALT implementations so the behaviour
  described above is unconditional on ALT implementations (in particular,
cipher_finish() can't be useful to hardware as (with ECB) it doesn't call any
functions from lower-level modules that could release resources for example)

Since the calls are causing issues with parameter validation, and were no
serving any functional purpose, it's simpler to just remove them.
This commit is contained in:
Manuel Pégourié-Gonnard 2018-12-20 12:09:07 +01:00
parent fb54360f8c
commit 01d4b76b7e

View File

@ -311,7 +311,7 @@ cleanup:
} }
mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 ); mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 );
mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 ); mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 );
mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
return( ret ); return( ret );
} }
@ -528,7 +528,7 @@ cleanup:
mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) ); mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) );
mbedtls_platform_zeroize( &diff, sizeof( diff ) ); mbedtls_platform_zeroize( &diff, sizeof( diff ) );
mbedtls_platform_zeroize( A, sizeof( A ) ); mbedtls_platform_zeroize( A, sizeof( A ) );
mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
return( ret ); return( ret );
} }