From d73e1b0ccd835df397f4fb3cfcfb52df0cd6e646 Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Thu, 24 Jun 2021 16:19:08 +0100
Subject: [PATCH] Tidy up logic in psa_mac_sign_finish

Simplify the logic in psa_mac_sign_finish.

Signed-off-by: Dave Rodgman
---
 library/psa_crypto.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c0f419c43..a3a4b7ba8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2483,12 +2483,8 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- /* Set the output length and content to a safe default, such that in
- * case the caller misses an error check, the output would be an
- * unachievable MAC. */
- *mac_length = mac_size;
-
- if( operation->id == 0 ) {
+ if( operation->id == 0 )
+ {
 status = PSA_ERROR_BAD_STATE;
 goto cleanup;
 }
@@ -2517,6 +2513,7 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
 mac, operation->mac_size, mac_length );
+cleanup:
 /* In case of success, set the potential excess room in the output buffer
 * to an invalid value, to avoid potentially leaking a longer MAC.
 * In case of error, set the output length and content to a safe default,
@@ -2533,7 +2530,6 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
 memset( &mac[operation->mac_size], '!', mac_size - operation->mac_size );
-cleanup:
 abort_status = psa_mac_abort( operation );
 return( status == PSA_SUCCESS ? abort_status : status );
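Review bot: In the first hunk (`@@ -2483,12 +2483,8 @@`), dropping the up-front `*mac_length = mac_size;` leaves the out-parameter unwritten until the `cleanup:` block runs, so the safe default now depends on every failure path in psa_mac_sign_finish using `goto cleanup` rather than returning directly. The visible `operation->id == 0` branch does that, but the rest of the function body lies outside the hunk and should be checked for the same. A short comment at the top of the function would keep later edits from breaking it, for example `/* Every exit must go through cleanup: it is the only place that sets *mac_length and scrubs mac on error. */`.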
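Review bot: In the second hunk, moving `cleanup:` above the output-scrubbing block means the early `PSA_ERROR_BAD_STATE` exit now reaches `memset( &mac[operation->mac_size], '!', mac_size - operation->mac_size )` (shown as context in the third hunk) for an operation whose `mac_size` field was never checked against the caller's buffer. The lines between the comment and the memset are outside both hunks, so it is not visible here whether the error branch resets `operation->mac_size` or whether the memset is guarded by `mac_size > operation->mac_size`; if neither holds, the `size_t` subtraction wraps and the write runs past `mac`. Confirm both, and that a `mac == NULL` with `mac_size == 0` call skips the memset. A regression test that calls psa_mac_sign_finish on an inactive operation and asserts the buffer is filled with `'!'` and `*mac_length == mac_size` would pin this behaviour down.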