Don't call mbedtls_cipher_setkey twice
The documentation doesn't explicitly say whether it's allowed or not. This currently works with the default software implementation, but only by accident. It isn't guaranteed to work with new ciphers or with alternative implementations of individual ciphers, and it doesn't work with the PSA wrappers. So don't do it.
This commit is contained in:
parent
aa3402018e
commit
139ec3b913
1 changed files with 14 additions and 0 deletions
|
@ -1011,6 +1011,20 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
|||
TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
|
||||
|
||||
/* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
|
||||
TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == 0 );
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( use_psa == 1 )
|
||||
{
|
||||
TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
|
||||
mbedtls_cipher_info_from_type( cipher_id ),
|
||||
tag->len ) );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
|
||||
mbedtls_cipher_info_from_type( cipher_id ) ) );
|
||||
}
|
||||
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
|
||||
MBEDTLS_ENCRYPT ) );
|
||||
|
||||
|
|
Loading…
Reference in a new issue