From e55f3e8de4cdb9e2d5580114d303ede28b0af9b3 Mon Sep 17 00:00:00 2001
From: Steven Cooreman
Date: Wed, 9 Sep 2020 18:41:07 +0200
Subject: [PATCH] Make sure to not call mbedtls_cipher_free on an uninitialised context
As pointed out by Gilles
Signed-off-by: Steven Cooreman
---
 library/psa_crypto.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d8c6c1e6d..647ca6286 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4101,12 +4101,18 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
 slot, alg );
- if( status == PSA_SUCCESS )
- operation->accelerator_set = 1;
-
 if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) )
+ {
+ /* Indicate this operation is bound to an accelerator. When the driver
+ * setup succeeded, this indicates to the core to not call any mbedtls_
+ * functions for this operation (contexts are not interoperable).
+ * In case the drivers couldn't setup and there's no way to fallback,
+ * indicate to the core to not call mbedtls_cipher_free on an
+ * uninitialised mbed TLS cipher context. */
+ operation->accelerator_set = 1;
 goto exit;
+ }
 /* Proceed with initializing mbed TLS cipher context if no accelerator is
 * available for the given algorithm & key. */
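Review bot: Setting `operation->accelerator_set = 1` inside the `if( status != PSA_ERROR_NOT_SUPPORTED || ... )` block also marks the operation as accelerator-bound when the driver setup returned an error, so one flag now means both "a driver context is live" and "the mbed TLS cipher context was never initialised". The cleanup under `exit:` is outside this hunk; if it dispatches to a driver abort whenever `accelerator_set` is set, a driver whose setup failed would be asked to tear down a context it never initialised, and that path should be checked. A separate flag recording whether the mbed TLS context was initialised would keep the two cases apart. Failing that, the added comment should state the contract, e.g. `/* NOTE: also set when driver setup failed; driver abort must accept a context whose setup did not complete. */`. psa_cipher_setup starts and ends outside the hunk.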