Add missing calls to psa_cipher_abort in cipher functions

2025-03-28 23:47:02 +00:00 · 2018-08-02 13:56:32 +03:00 · 2018-08-02 13:56:32 +03:00 · 534bd7c33b
parent 40835d4e56
commit 534bd7c33b
1 changed files with 37 additions and 28 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -2478,53 +2478,59 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
                                     size_t iv_size,
                                     size_t *iv_length )
 {
-    int ret = PSA_SUCCESS;
+    psa_status_t status;
+    int ret;
    if( operation->iv_set || ! operation->iv_required )
-        return( PSA_ERROR_BAD_STATE );
+    {
+        status = PSA_ERROR_BAD_STATE;
+        goto exit;
+    }
    if( iv_size < operation->iv_size )
    {
-        ret = PSA_ERROR_BUFFER_TOO_SMALL;
+        status = PSA_ERROR_BUFFER_TOO_SMALL;
        goto exit;
    }
    ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
                                   iv, operation->iv_size );
    if( ret != 0 )
    {
-        ret = mbedtls_to_psa_error( ret );
+        status = mbedtls_to_psa_error( ret );
        goto exit;
    }

    *iv_length = operation->iv_size;
-    ret = psa_cipher_set_iv( operation, iv, *iv_length );
+    status = psa_cipher_set_iv( operation, iv, *iv_length );

 exit:
-    if( ret != PSA_SUCCESS )
+    if( status != PSA_SUCCESS )
        psa_cipher_abort( operation );
-    return( ret );
+    return( status );
 }

 psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
                                const unsigned char *iv,
                                size_t iv_length )
 {
-    int ret = PSA_SUCCESS;
+    psa_status_t status;
+    int ret;
    if( operation->iv_set || ! operation->iv_required )
-        return( PSA_ERROR_BAD_STATE );
+    {
+        status = PSA_ERROR_BAD_STATE;
+        goto exit;
+    }
    if( iv_length != operation->iv_size )
    {
-        psa_cipher_abort( operation );
-        return( PSA_ERROR_INVALID_ARGUMENT );
+        status = PSA_ERROR_INVALID_ARGUMENT;
+        goto exit;
    }
-    ret =  mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length );
-    if( ret != 0 )
-    {
+    ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length );
+    status = mbedtls_to_psa_error( ret );
+exit:
+    if( status == PSA_SUCCESS )
+        operation->iv_set = 1;
+    else
        psa_cipher_abort( operation );
-        return( mbedtls_to_psa_error( ret ) );
-    }
-
-    operation->iv_set = 1;
-
-    return( PSA_SUCCESS );
+    return( status );
 }

 psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
@ -2534,7 +2540,8 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
                                size_t output_size,
                                size_t *output_length )
 {
-    int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+    psa_status_t status;
+    int ret;
    size_t expected_output_size;
    if( PSA_ALG_IS_BLOCK_CIPHER( operation->alg ) )
    {
@ -2550,18 +2557,20 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
    {
        expected_output_size = input_length;
    }
+
    if( output_size < expected_output_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    {
+        status = PSA_ERROR_BUFFER_TOO_SMALL;
+        goto exit;
+    }

    ret = mbedtls_cipher_update( &operation->ctx.cipher, input,
                                 input_length, output, output_length );
-    if( ret != 0 )
-    {
+    status = mbedtls_to_psa_error( ret );
+exit:
+    if( status != PSA_SUCCESS )
        psa_cipher_abort( operation );
-        return( mbedtls_to_psa_error( ret ) );
-    }
-
-    return( PSA_SUCCESS );
+    return( status );
 }

 psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,