initialized psa_hash_operation_t to zeros before calling hash_setup

Moran Peker · Moran Peker · commit 2b8621aa6c10 · 2019-02-28T15:54:45.000+02:00
-initialized  psa_hash_operation_t to zeros
-fix TF-M attestation code - increase t_cose_crypto_hash bytes to
handle max psa_hash_operation_t size
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
@@ -208,6 +208,7 @@ t_cose_crypto_hash_start(struct t_cose_crypto_hash *hash_ctx,
     }
 
     psa_hash_ctx = (struct t_cose_psa_crypto_hash *)hash_ctx;
+    memset(&psa_hash_ctx->operation, 0, sizeof(psa_hash_operation_t));
 
     psa_ret = psa_hash_setup(&psa_hash_ctx->operation,
                              cose_hash_alg_id_to_psa(cose_hash_alg_id));
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
@@ -70,7 +70,7 @@ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf
 
     psa_status_t crypto_ret;
     enum tfm_plat_err_t status = TFM_PLAT_ERR_SUCCESS;
-    psa_hash_operation_t hash_handle;
+    psa_hash_operation_t hash_handle = {0};
 
     crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
     if (crypto_ret != PSA_SUCCESS) {
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_crypto.h b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_crypto.h
@@ -295,7 +295,7 @@ struct t_cose_crypto_hash {
      * actual hash implementation, so this is a fairly large and
      * accommodating size.
      */
-    uint8_t bytes[128];
+    uint8_t bytes[280];
 };
 
 

Original file line number	Original file line	Diff line number	Diff line change
`@@ -208,6 +208,7 @@ t_cose_crypto_hash_start(struct t_cose_crypto_hash *hash_ctx,`
`208`	`}`	`208`	`}`
`209`		`209`
`210`	`psa_hash_ctx = (struct t_cose_psa_crypto_hash *)hash_ctx;`	`210`	`psa_hash_ctx = (struct t_cose_psa_crypto_hash *)hash_ctx;`
		`211`	`+ memset(&psa_hash_ctx->operation, 0, sizeof(psa_hash_operation_t));`
`211`		`212`
`212`	`psa_ret = psa_hash_setup(&psa_hash_ctx->operation,`	`213`	`psa_ret = psa_hash_setup(&psa_hash_ctx->operation,`
`213`	`cose_hash_alg_id_to_psa(cose_hash_alg_id));`	`214`	`cose_hash_alg_id_to_psa(cose_hash_alg_id));`
Original file line number	Original file line	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t size, uint8_t buf`
`70`		`70`
`71`	`psa_status_t crypto_ret;`	`71`	`psa_status_t crypto_ret;`
`72`	`enum tfm_plat_err_t status = TFM_PLAT_ERR_SUCCESS;`	`72`	`enum tfm_plat_err_t status = TFM_PLAT_ERR_SUCCESS;`
`73`	`- psa_hash_operation_t hash_handle;`	`73`	`+ psa_hash_operation_t hash_handle = {0};`
`74`		`74`
`75`	`crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);`	`75`	`crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);`
`76`	`if (crypto_ret != PSA_SUCCESS) {`	`76`	`if (crypto_ret != PSA_SUCCESS) {`
Original file line number	Original file line	Diff line number	Diff line change
`@@ -295,7 +295,7 @@ struct t_cose_crypto_hash {`
`295`	`* actual hash implementation, so this is a fairly large and`	`295`	`* actual hash implementation, so this is a fairly large and`
`296`	`* accommodating size.`	`296`	`* accommodating size.`
`297`	`*/`	`297`	`*/`
`298`	`- uint8_t bytes[128];`	`298`	`+ uint8_t bytes[280];`
`299`	`};`	`299`	`};`
`300`		`300`
`301`		`301`