From f9c2c09810a2ba0cdca72b08b5eafe8872a7e150 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 21 Jun 2018 16:57:07 +0200
Subject: [PATCH] In abort functions, return BAD_STATE on obviously bad input

psa_hash_abort, psa_mac_abort and psa_cipher_abort now return PSA_ERROR_BAD_STATE if operation->alg is obviously not valid, which can only happen due to a programming error in the caller or in the library. We can't detect all cases of calling abort on uninitialized memory but this is dirt cheap and better than nothing.
---
 library/psa_crypto.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fc73b2cf2..12c21d7b6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -822,7 +822,7 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
 break;
 #endif
 default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( PSA_ERROR_BAD_STATE );
 }
 operation->alg = 0;
 return( PSA_SUCCESS );
@@ -1231,7 +1231,11 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
 }
 else
 #endif /* MBEDTLS_MD_C */
- return( PSA_ERROR_NOT_SUPPORTED );
+ {
+ /* Sanity check (shouldn't happen: operation->alg should
+ * always have been initialized to a valid value). */
+ return( PSA_ERROR_BAD_STATE );
+ }
 }
 
 operation->alg = 0;
@@ -2218,6 +2222,11 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
 if( operation->alg == 0 )
 return( PSA_SUCCESS );
 
+ /* Sanity check (shouldn't happen: operation->alg should
+ * always have been initialized to a valid value). */
+ if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
+ return( PSA_ERROR_BAD_STATE );
+
 mbedtls_cipher_free( &operation->ctx.cipher );
 operation->alg = 0;
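Review bot: The `default:` branch of psa_hash_abort now returns PSA_ERROR_BAD_STATE without any comment, whereas the equivalent change in psa_mac_abort and psa_cipher_abort explains that this is a sanity check; someone reading this switch alone cannot tell whether BAD_STATE means "corrupted operation object" or a genuinely unsupported hash. Add the same explanation above the return: `/* Sanity check (shouldn't happen: operation->alg should always have been initialized to a valid value). */`. It is also worth noting in that comment that `operation->alg` is deliberately left untouched on this path, since no context of a known type can be released and the object therefore stays unusable rather than being silently reset. The switch statement and the enclosing function begin before this hunk.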
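Review bot: The new braced block after `#endif /* MBEDTLS_MD_C */` is the only branch that remains when MBEDTLS_MD_C is disabled, so in that configuration every non-zero `operation->alg` reaches the "shouldn't happen" return, not just a corrupted one; whether that path is truly unreachable depends on MAC setup rejecting every algorithm in such a build, which is not visible in this hunk. If that is the intent, the comment should say so, for example `/* Sanity check; with MBEDTLS_MD_C disabled this is also the only path, since no MAC operation can have been started. */`. Wrapping the return in braces is the right call, as it keeps the statement well-formed whether or not the preceding `else` is compiled in. The enclosing function starts before this hunk, so the earlier `alg == 0` handling, if any, could not be checked here.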