Fix error checking

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2021-04-29 16:44:59 +02:00
parent 77588fb171
commit 81bf120076
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD

View file

@ -2871,24 +2871,26 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
*signature_length = 0;
if( operation == PSA_SIGN_MESSAGE )
if( operation == PSA_SIGN_INVALID )
return( PSA_ERROR_INVALID_ARGUMENT );
else
{
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
if( operation == PSA_SIGN_MESSAGE )
{
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
{
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
/* Curently only hash-then-sign algorithms are supported. */
else
return( PSA_ERROR_INVALID_ARGUMENT );
}
else if( operation == PSA_SIGN_INVALID )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Immediately reject a zero-length signature buffer. This guarantees
* that signature must be a valid pointer. (On the other hand, the hash
* buffer can in principle be empty since it doesn't actually have
@ -2962,24 +2964,26 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
if( operation == PSA_VERIFY_MESSAGE )
if( operation == PSA_VERIFY_INVALID )
return( PSA_ERROR_INVALID_ARGUMENT );
else
{
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
if( operation == PSA_VERIFY_MESSAGE )
{
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
{
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
/* Curently only hash-then-sign algorithms are supported. */
else
return( PSA_ERROR_INVALID_ARGUMENT );
}
else if( operation == PSA_VERIFY_INVALID )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_and_lock_key_slot_with_policy(
key, &slot,
operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH :