diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a4a112064..81770bff9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2318,18 +2318,22 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_key_usage_t usage = - is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH; - size_t mac_size = 0; + size_t mac_size; /* A context must be freshly initialized before it can be set up. */ if( operation->id != 0 ) return( PSA_ERROR_BAD_STATE ); + if( ! PSA_ALG_IS_MAC( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_get_and_lock_key_slot_with_policy( - key, &slot, usage, alg ); + key, + &slot, + is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH, + alg ); if( status != PSA_SUCCESS ) - goto exit; + return( status ); psa_key_attributes_t attributes = { .core = slot->attr diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 0189cded8..d8e229325 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -243,7 +243,7 @@ static psa_status_t mac_init( mbedtls_psa_mac_operation_t *operation, psa_algorithm_t alg ) { - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); operation->key_set = 0; @@ -268,8 +268,7 @@ static psa_status_t mac_init( else #endif /* BUILTIN_ALG_HMAC */ { - if( ! PSA_ALG_IS_MAC( alg ) ) - status = PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_NOT_SUPPORTED; } if( status != PSA_SUCCESS )