From 5fe19734d509b2fe36471ed0a15385ce51c52bd6 Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Thu, 20 Jun 2019 15:09:30 +0100
Subject: [PATCH] Make key derivation initialisation consistent

The macro initialiser might leave bytes in the union unspecified.
Zeroising it in setup makes sure that the behaviour is the same
independently of the initialisation method used.
---
 library/psa_crypto.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 153bc6d97..9d02a971d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4740,6 +4740,10 @@ static psa_status_t psa_key_derivation_setup_kdf(
     psa_key_derivation_operation_t *operation,
     psa_algorithm_t kdf_alg )
 {
+    /* Make sure that operation->ctx is properly zero-initialised. (Macro
+     * initialisers for this union leave some bytes unspecified.) */
+    memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+
     /* Make sure that kdf_alg is a supported key derivation algorithm. */
 #if defined(MBEDTLS_MD_C)
     if( PSA_ALG_IS_HKDF( kdf_alg ) ||