diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c7d5a67807..316acbe64e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1110,6 +1110,7 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation, size_t hash_size, size_t *hash_length ) { + psa_status_t status; int ret; size_t actual_hash_length = PSA_HASH_SIZE( operation->alg ); @@ -1123,7 +1124,10 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation, memset( hash, '!', hash_size ); if( hash_size < actual_hash_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } switch( operation->alg ) { @@ -1168,8 +1172,10 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation, ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; break; } + status = mbedtls_to_psa_error( ret ); - if( ret == 0 ) +exit: + if( status == PSA_SUCCESS ) { *hash_length = actual_hash_length; return( psa_hash_abort( operation ) ); @@ -1177,7 +1183,7 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation, else { psa_hash_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); + return( status ); } } @@ -2472,53 +2478,59 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, size_t iv_size, size_t *iv_length ) { - int ret = PSA_SUCCESS; + psa_status_t status; + int ret; if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } if( iv_size < operation->iv_size ) { - ret = PSA_ERROR_BUFFER_TOO_SMALL; + status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, iv, operation->iv_size ); if( ret != 0 ) { - ret = mbedtls_to_psa_error( ret ); + status = mbedtls_to_psa_error( ret ); goto exit; } *iv_length = operation->iv_size; - ret = psa_cipher_set_iv( operation, iv, *iv_length ); + status = psa_cipher_set_iv( operation, iv, *iv_length ); exit: - if( ret != PSA_SUCCESS ) + if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); - return( ret ); + return( status ); } psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, const unsigned char *iv, size_t iv_length ) { - int ret = PSA_SUCCESS; + psa_status_t status; + int ret; if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } if( iv_length != operation->iv_size ) { - psa_cipher_abort( operation ); - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } - ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); - if( ret != 0 ) - { + ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); + status = mbedtls_to_psa_error( ret ); +exit: + if( status == PSA_SUCCESS ) + operation->iv_set = 1; + else psa_cipher_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); - } - - operation->iv_set = 1; - - return( PSA_SUCCESS ); + return( status ); } psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, @@ -2528,7 +2540,8 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t output_size, size_t *output_length ) { - int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + psa_status_t status; + int ret; size_t expected_output_size; if( PSA_ALG_IS_BLOCK_CIPHER( operation->alg ) ) { @@ -2544,18 +2557,20 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, { expected_output_size = input_length; } + if( output_size < expected_output_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } ret = mbedtls_cipher_update( &operation->ctx.cipher, input, input_length, output, output_length ); - if( ret != 0 ) - { + status = mbedtls_to_psa_error( ret ); +exit: + if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); - } - - return( PSA_SUCCESS ); + return( status ); } psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,