Simplify error handling of PSA mac operationsg in ssl_msg.c

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2025-03-04 04:13:40 +00:00 · 2022-03-02 15:14:07 +01:00 · 2022-03-02 15:14:07 +01:00 · 4313f55a13
commit 4313f55a13
parent 321116c755
1 changed files with 12 additions and 14 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -730,14 +730,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
    hmac_failed_etm_disabled:
        mbedtls_platform_zeroize( mac, transform->maclen );
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        psa_mac_abort( &operation );
-        if( status != PSA_SUCCESS )
-        {
+        ret = psa_ssl_status_to_mbedtls( status );
+        status = psa_mac_abort( &operation );
+        if( ret == 0 && status != PSA_SUCCESS )
            ret = psa_ssl_status_to_mbedtls( status );
-#else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
        if( ret != 0 )
        {
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
            return( ret );
        }
@ -1102,14 +1101,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
        hmac_failed_etm_enabled:
            mbedtls_platform_zeroize( mac, transform->maclen );
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            psa_mac_abort( &operation );
-            if( status != PSA_SUCCESS )
-            {
+            ret = psa_ssl_status_to_mbedtls( status );
+            status = psa_mac_abort( &operation );
+            if( ret == 0 && status != PSA_SUCCESS )
                ret = psa_ssl_status_to_mbedtls( status );
-#else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
            if( ret != 0 )
            {
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
                MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
                return( ret );
            }
@ -1473,15 +1471,15 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,

        hmac_failed_etm_enabled:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            psa_mac_abort( &operation );
-            if( status != PSA_SUCCESS )
-            {
+            ret = psa_ssl_status_to_mbedtls( status );
+            status = psa_mac_abort( &operation );
+            if( ret == 0 && status != PSA_SUCCESS )
                ret = psa_ssl_status_to_mbedtls( status );
 #else
            mbedtls_platform_zeroize( mac_expect, transform->maclen );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
            if( ret != 0 )
            {
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
                if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )
                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_hmac_xxx", ret );
                return( ret );