psa: Don't abort when operations are invalid
In places where we detect a context is in a bad state and there is no sensitive data to clear, simply return PSA_ERROR_BAD_STATE and don't abort on behalf of the application. The application will choose what to do when it gets a bad state error. The motivation for this change is that an application should decide what to do when it misuses the API and encounters a PSA_ERROR_BAD_STATE error. The library should not attempt to abort on behalf of the application, as that may not be the correct thing to do in all circumstances.
This commit is contained in:
parent
36ee5d0fbf
commit
e236c2a13c
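--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -2128,9 +2128,9 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation,
 {
 psa_status_t status = PSA_ERROR_BAD_STATE;
 if( ! operation->key_set )
-goto cleanup;
+return( PSA_ERROR_BAD_STATE );
 if( operation->iv_required && ! operation->iv_set )
-goto cleanup;
+return( PSA_ERROR_BAD_STATE );
 operation->has_input = 1;
 
 #if defined(MBEDTLS_CMAC_C)
@@ -2153,10 +2153,9 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation,
 {
 /* This shouldn't happen if `operation` was initialized by
 * a setup function. */
-status = PSA_ERROR_BAD_STATE;
+return( PSA_ERROR_BAD_STATE );
 }
 
-cleanup:
 if( status != PSA_SUCCESS )
 psa_mac_abort( operation );
 return( status );
@@ -2264,13 +2263,11 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
 
 if( ! operation->is_sign )
 {
-status = PSA_ERROR_BAD_STATE;
-goto cleanup;
+return( PSA_ERROR_BAD_STATE );
 }
 
 status = psa_mac_finish_internal( operation, mac, mac_size );
 
-cleanup:
 if( status == PSA_SUCCESS )
 {
 status = psa_mac_abort( operation );
@@ -2298,8 +2295,7 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
 
 if( operation->is_sign )
 {
-status = PSA_ERROR_BAD_STATE;
-goto cleanup;
+return( PSA_ERROR_BAD_STATE );
 }
 if( operation->mac_size != mac_length )
 {
@@ -3028,8 +3024,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
 int ret;
 if( operation->iv_set || ! operation->iv_required )
 {
-status = PSA_ERROR_BAD_STATE;
-goto exit;
+return( PSA_ERROR_BAD_STATE );
 }
 if( iv_size < operation->iv_size )
 {
@@ -3061,8 +3056,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
 int ret;
 if( operation->iv_set || ! operation->iv_required )
 {
-status = PSA_ERROR_BAD_STATE;
-goto exit;
+return( PSA_ERROR_BAD_STATE );
 }
 if( iv_length != operation->iv_size )
 {
@@ -3136,13 +3130,11 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
 
 if( ! operation->key_set )
 {
-status = PSA_ERROR_BAD_STATE;
-goto error;
+return( PSA_ERROR_BAD_STATE );
 }
 if( operation->iv_required && ! operation->iv_set )
 {
-status = PSA_ERROR_BAD_STATE;
-goto error;
+return( PSA_ERROR_BAD_STATE );
 }
 
 if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT &&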
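Review bot: The early returns in psa_mac_sign_finish, psa_mac_verify_finish and psa_cipher_finish (hunks @ -2264, @ -2298 and @ -3136) now leave an operation that already holds a key live when the caller gets the sequence wrong, whereas the old `goto cleanup` / `goto error` paths fell through to the function's tail; since the commit deliberately hands that decision to the application, the public documentation for these functions should state explicitly that on PSA_ERROR_BAD_STATE the operation is left untouched and the caller is responsible for calling psa_mac_abort() or psa_cipher_abort() to release the key material. The same wording belongs on psa_mac_update, psa_cipher_generate_iv and psa_cipher_set_iv, whose bad-state paths change identically in the other hunks. In psa_mac_update (hunk @ -2128) the initializer `psa_status_t status = PSA_ERROR_BAD_STATE;` appears to survive only as a fallback, since the visible bad-state checks now return directly and the final else branch in hunk @ -2153 returns as well; a one-line comment such as `/* Every #if branch below assigns status; BAD_STATE is only the fallback */` would save a reader from hunting for the path that still returns the initial value. Each enclosing function starts or ends outside its hunk, so the flow past the visible lines is inferred.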