Fix error checking

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2024-11-23 16:55:47 +01:00 · 2021-04-29 16:44:59 +02:00 · 2021-04-29 16:44:59 +02:00 · 81bf120076
commit 81bf120076
parent 77588fb171
1 changed files with 18 additions and 14 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -2871,24 +2871,26 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,

    *signature_length = 0;

-    if( operation == PSA_SIGN_MESSAGE )
+    if( operation == PSA_SIGN_INVALID )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    else
    {
        if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
            return( PSA_ERROR_INVALID_ARGUMENT );

-        if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+        if( operation == PSA_SIGN_MESSAGE )
        {
-            if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+            {
+                if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
+                    return( PSA_ERROR_INVALID_ARGUMENT );
+            }
        }
        /* Curently only hash-then-sign algorithms are supported. */
        else
            return( PSA_ERROR_INVALID_ARGUMENT );
    }

-    else if( operation == PSA_SIGN_INVALID )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
    /* Immediately reject a zero-length signature buffer. This guarantees
     * that signature must be a valid pointer. (On the other hand, the hash
     * buffer can in principle be empty since it doesn't actually have
@ -2962,24 +2964,26 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_key_slot_t *slot;

-    if( operation == PSA_VERIFY_MESSAGE )
+    if( operation == PSA_VERIFY_INVALID )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    else
    {
        if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
            return( PSA_ERROR_INVALID_ARGUMENT );

-        if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+        if( operation == PSA_VERIFY_MESSAGE )
        {
-            if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+            {
+                if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
+                    return( PSA_ERROR_INVALID_ARGUMENT );
+            }
        }
        /* Curently only hash-then-sign algorithms are supported. */
        else
            return( PSA_ERROR_INVALID_ARGUMENT );
    }

-    else if( operation == PSA_VERIFY_INVALID )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
    status = psa_get_and_lock_key_slot_with_policy(
                key, &slot,
                operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH :