diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aa1beb57c..fc330ea8b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2871,21 +2871,26 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, *signature_length = 0; - if( operation == PSA_SIGN_INVALID ) - return( PSA_ERROR_INVALID_ARGUMENT ); - else + switch( operation ) { - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + case PSA_SIGN_HASH: + if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; + + case PSA_SIGN_MESSAGE: + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - if( operation == PSA_SIGN_MESSAGE ) - { if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) { if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); } - } + break; + + default: + return( PSA_ERROR_INVALID_ARGUMENT ); } /* Immediately reject a zero-length signature buffer. This guarantees @@ -2961,21 +2966,26 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - if( operation == PSA_VERIFY_INVALID ) - return( PSA_ERROR_INVALID_ARGUMENT ); - else + switch( operation ) { - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + case PSA_VERIFY_HASH: + if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; + + case PSA_VERIFY_MESSAGE: + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - if( operation == PSA_VERIFY_MESSAGE ) - { if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) { if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); } - } + break; + + default: + return( PSA_ERROR_INVALID_ARGUMENT ); } status = psa_get_and_lock_key_slot_with_policy(