mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-23 03:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Restructure error handling in mbedtls_pk_verify_ext

Browse Source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2022-02-17 10:51:15 -05:00
parent 59550537f0
commit d70fa0e327
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
library/pk.c
View File

@ -371,7 +371,6 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
if( pss_opts->mgf1_hash_id == md_alg && if( pss_opts->mgf1_hash_id == md_alg &&
( (size_t) pss_opts->expected_salt_len == hash_len || ( (size_t) pss_opts->expected_salt_len == hash_len ||
pss_opts->expected_salt_len == MBEDTLS_RSA_SALT_LEN_ANY ) ) pss_opts->expected_salt_len == MBEDTLS_RSA_SALT_LEN_ANY ) )
@ -381,6 +380,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
unsigned char *p; unsigned char *p;
int key_len; int key_len;
size_t signature_length; size_t signature_length;
psa_status_t status = PSA_ERROR_DATA_CORRUPT;
psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT;
psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg ); psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg );
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@ -417,14 +418,18 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
mbedtls_pk_get_len( ctx ) : sig_len; mbedtls_pk_get_len( ctx ) : sig_len;
status = psa_verify_hash( key_id, psa_sig_alg, hash, status = psa_verify_hash( key_id, psa_sig_alg, hash,
hash_len, sig, signature_length ); hash_len, sig, signature_length );
psa_destroy_key( key_id ); destruction_status = psa_destroy_key( key_id );
if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) ) if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) )
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
return( status == PSA_ERROR_INVALID_SIGNATURE? if( status == PSA_ERROR_INVALID_SIGNATURE )
MBEDTLS_ERR_RSA_VERIFY_FAILED : return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
mbedtls_psa_err_translate_pk( status ) );
if( status == PSA_SUCCESS )
status = destruction_status;
return( mbedtls_psa_err_translate_pk( status ) );
} }
else else
#endif #endif