Make mbedtls_sa_ecp_load_public_part return psa_status_t

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2025-02-25 00:39:55 +00:00 · 2023-02-15 17:32:42 +00:00 · 2023-02-15 17:32:42 +00:00 · 2c9843f2a4
commit 2c9843f2a4
parent efebad0d67
3 changed files with 28 additions and 20 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -3787,10 +3787,10 @@ psa_status_t mbedtls_psa_verify_hash_start(
        return status;
    }

-    int ret = mbedtls_psa_ecp_load_public_part(operation->ctx);
+    status = mbedtls_psa_ecp_load_public_part(operation->ctx);

-    if (ret != 0) {
-        return mbedtls_to_psa_error(ret);
+    if (status != PSA_SUCCESS) {
+        return status;
    }

    /* We only need to store the same length of hash as the private key size
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@ -404,7 +404,7 @@ cleanup:
    return mbedtls_to_psa_error(ret);
 }

-int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp)
+psa_status_t mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp)
 {
    int ret = 0;

@ -416,7 +416,7 @@ int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp)
                              MBEDTLS_PSA_RANDOM_STATE);
    }

-    return ret;
+    return mbedtls_to_psa_error(ret);
 }

 psa_status_t mbedtls_psa_ecdsa_verify_hash(
@ -427,7 +427,6 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
 {
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    mbedtls_ecp_keypair *ecp = NULL;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t curve_bytes;
    mbedtls_mpi r, s;

@ -447,30 +446,39 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
    mbedtls_mpi_init(&s);

    if (signature_length != 2 * curve_bytes) {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+        status = PSA_ERROR_INVALID_SIGNATURE;
        goto cleanup;
    }

-    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r,
-                                            signature,
-                                            curve_bytes));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&s,
-                                            signature + curve_bytes,
-                                            curve_bytes));
+    status = mbedtls_to_psa_error(mbedtls_mpi_read_binary(&r,
+                                                          signature,
+                                                          curve_bytes));
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }

-    MBEDTLS_MPI_CHK(mbedtls_psa_ecp_load_public_part(ecp));
+    status = mbedtls_to_psa_error(mbedtls_mpi_read_binary(&s,
+                                                          signature + curve_bytes,
+                                                          curve_bytes));
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }

+    status = mbedtls_psa_ecp_load_public_part(ecp);
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }

-    ret = mbedtls_ecdsa_verify(&ecp->grp, hash, hash_length,
-                               &ecp->Q, &r, &s);
-
+    status = mbedtls_to_psa_error(mbedtls_ecdsa_verify(&ecp->grp, hash,
+                                                       hash_length, &ecp->Q,
+                                                       &r, &s));
 cleanup:
    mbedtls_mpi_free(&r);
    mbedtls_mpi_free(&s);
    mbedtls_ecp_keypair_free(ecp);
    mbedtls_free(ecp);

-    return mbedtls_to_psa_error(ret);
+    return status;
 }

 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@ -52,10 +52,10 @@ psa_status_t mbedtls_psa_ecp_load_representation(psa_key_type_t type,
 *
 * \param ecp               The ECP context to load the public part for.
 *
- * \return 0 on success, otherwise an MPI error.
+ * \return PSA_SUCCESS on success, otherwise an MPI error.
 */

-int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp);
+psa_status_t mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp);

 /** Import an ECP key in binary format.
 *