From 534bd7c33b6acfccb48a85532bf4c52d7ffbaca6 Mon Sep 17 00:00:00 2001
From: itayzafrir
Date: Thu, 2 Aug 2018 13:56:32 +0300
Subject: [PATCH] Add missing calls to psa_cipher_abort in cipher functions
---
library/psa_crypto.c | 65 +++++++++++++++++++++++++-------------------
1 file changed, 37 insertions(+), 28 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b94e0e6a5..316acbe64 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2478,53 +2478,59 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, size_t iv_size, size_t *iv_length ) { - int ret = PSA_SUCCESS; + psa_status_t status; + int ret; if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } if( iv_size < operation->iv_size ) { - ret = PSA_ERROR_BUFFER_TOO_SMALL; + status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, iv, operation->iv_size ); if( ret != 0 ) { - ret = mbedtls_to_psa_error( ret ); + status = mbedtls_to_psa_error( ret ); goto exit; } *iv_length = operation->iv_size; - ret = psa_cipher_set_iv( operation, iv, *iv_length ); + status = psa_cipher_set_iv( operation, iv, *iv_length ); exit: - if( ret != PSA_SUCCESS ) + if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); - return( ret ); + return( status ); } psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, const unsigned char *iv, size_t iv_length ) { - int ret = PSA_SUCCESS; + psa_status_t status; + int ret; if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } if( iv_length != operation->iv_size ) { - psa_cipher_abort( operation ); - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } - ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); - if( ret != 0 ) - { + ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); + status = mbedtls_to_psa_error( ret ); +exit: + if( status == PSA_SUCCESS ) + operation->iv_set = 1; + else psa_cipher_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); - } - - operation->iv_set = 1; - - return( PSA_SUCCESS ); + return( status ); } psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, 
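Review bot: The new `goto exit` paths make `psa_cipher_abort()` run in states the old code never aborted from, and nothing in this hunk shows that it is safe there. In `psa_cipher_generate_iv`, a failing `psa_cipher_set_iv()` has already aborted the operation at its own `exit:` before the caller's `exit:` aborts it a second time, and the `PSA_ERROR_BAD_STATE` branches of both functions now abort an operation that may never have been set up. If `psa_cipher_abort()` released the cipher context without resetting the operation, that second call would be a double free, so the contract should be stated where it is relied on, for example `/* psa_cipher_set_iv() aborts on failure; psa_cipher_abort() must be a no-op on an inactive operation. */` above the check at `exit:`. The `PSA_ERROR_BUFFER_TOO_SMALL` path added to `psa_cipher_update` in the last hunk relies on the same property.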
@@ -2534,7 +2540,8 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t output_size, size_t *output_length ) { - int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + psa_status_t status; + int ret; size_t expected_output_size; if( PSA_ALG_IS_BLOCK_CIPHER( operation->alg ) ) { @@ -2550,18 +2557,20 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, { expected_output_size = input_length; } + if( output_size < expected_output_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } ret = mbedtls_cipher_update( &operation->ctx.cipher, input, input_length, output, output_length ); - if( ret != 0 ) - { + status = mbedtls_to_psa_error( ret ); +exit: + if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); - } - - return( PSA_SUCCESS ); + return( status ); } psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
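Review bot: `*output_length` is left unwritten when `psa_cipher_update` fails before it reaches `mbedtls_cipher_update()`: the new `PSA_ERROR_BUFFER_TOO_SMALL` branch jumps to `exit:` with the caller's variable untouched, so a caller that uses the length without checking the status reads a stale or indeterminate size. Setting `*output_length = 0;` in the failure branch at `exit:`, next to `psa_cipher_abort( operation );`, gives every error path a defined result. `*iv_length` in `psa_cipher_generate_iv` (first hunk) has the same gap on its early exits, and it is set to the full IV size before `psa_cipher_set_iv()` has succeeded. The computation of `expected_output_size` sits between the two hunks of this function and is only partly visible here.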