Don't call mbedtls_cipher_setkey twice

The documentation doesn't explicitly say whether it's allowed or not. This currently works with the default software implementation, but only by accident. It isn't guaranteed to work with new ciphers or with alternative implementations of individual ciphers, and it doesn't work with the PSA wrappers. So don't do it.
2019-04-16 15:25:20 +02:00 · 2019-04-16 15:25:20 +02:00 · 139ec3b913
commit 139ec3b913
parent aa3402018e
1 changed files with 14 additions and 0 deletions
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@ -1011,6 +1011,20 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
    TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );

    /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
+    TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == 0 );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( use_psa == 1 )
+    {
+        TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
+                              mbedtls_cipher_info_from_type( cipher_id ),
+                              tag->len ) );
+    }
+    else
+#endif
+    {
+        TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
+                              mbedtls_cipher_info_from_type( cipher_id ) ) );
+    }
    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
                                             MBEDTLS_ENCRYPT ) );