Revise how output allocation is checked
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 964ae51..dac487e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5332,20 +5332,16 @@
output_length);
exit:
- /* Check for successful allocation of output. */
- if (output != NULL && status != PSA_ERROR_INSUFFICIENT_MEMORY) {
- /* output allocated. */
- if (status != PSA_SUCCESS) {
- /* If an error happens and is not handled properly, the output
- * may be used as a key to protect sensitive data. Arrange for such
- * a key to be random, which is likely to result in decryption or
- * verification errors. This is better than filling the buffer with
- * some constant data such as zeros, which would result in the data
- * being protected with a reproducible, easily knowable key.
- */
- psa_generate_random(output, output_size);
- *output_length = output_size;
- }
+ if (output != NULL && status != PSA_SUCCESS) {
+ /* If an error happens and is not handled properly, the output
+ * may be used as a key to protect sensitive data. Arrange for such
+ * a key to be random, which is likely to result in decryption or
+ * verification errors. This is better than filling the buffer with
+ * some constant data such as zeros, which would result in the data
+ * being protected with a reproducible, easily knowable key.
+ */
+ psa_generate_random(output, output_size);
+ *output_length = output_size;
} else {
/* output allocation failed. */
*output_length = 0;
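Review bot: The `else` branch that sets `*output_length = 0` is now also taken when `status == PSA_SUCCESS`, because the merged condition `output != NULL && status != PSA_SUCCESS` is false on success; the old nested form left the length untouched in that case. The call just above the `exit:` label receives `output_length` as its last argument, so a successful call would presumably have its reported length overwritten with zero and callers would see an empty result. Separating the two cases keeps both the randomise-on-error behaviour and the NULL guard: close the first block with `}` and open the second with `if (output == NULL) {`. The comment `/* output allocation failed. */` would then describe only that NULL branch, which is the only case it is accurate for. The enclosing function starts and ends outside this hunk, so the success path should be confirmed against the full body.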