commit 46c23a051cb0a1f92d7ead1393a1a3c3c63daf80
author gabor-mezei-arm <gabor.mezei@arm.com> Thu Apr 29 16:44:59 2021 +0200
committer gabor-mezei-arm <gabor.mezei@arm.com> Thu May 13 11:18:58 2021 +0200
tree 49d836b59b6e73289b87feb14ac0a6eca811351a
parent 2522c0b1cd4a0c4782ebac9df7a88bc650908223

Fix error checking

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 33b9707..5b9d8cb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2489,24 +2489,26 @@
 
     *signature_length = 0;
 
-    if( operation == PSA_SIGN_MESSAGE )
+    if( operation == PSA_SIGN_INVALID )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    else
     {
         if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
             return( PSA_ERROR_INVALID_ARGUMENT );
 
-        if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+        if( operation == PSA_SIGN_MESSAGE )
         {
-            if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+            {
+                if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
+                    return( PSA_ERROR_INVALID_ARGUMENT );
+            }
         }
         /* Curently only hash-then-sign algorithms are supported. */
         else
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
 
-    else if( operation == PSA_SIGN_INVALID )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
     /* Immediately reject a zero-length signature buffer. This guarantees
      * that signature must be a valid pointer. (On the other hand, the hash
      * buffer can in principle be empty since it doesn't actually have
@@ -2580,24 +2582,26 @@
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
-    if( operation == PSA_VERIFY_MESSAGE )
+    if( operation == PSA_VERIFY_INVALID )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+    else
     {
         if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
             return( PSA_ERROR_INVALID_ARGUMENT );
 
-        if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+        if( operation == PSA_VERIFY_MESSAGE )
         {
-            if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+            {
+                if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
+                    return( PSA_ERROR_INVALID_ARGUMENT );
+            }
         }
         /* Curently only hash-then-sign algorithms are supported. */
         else
             return( PSA_ERROR_INVALID_ARGUMENT );
     }
 
-    else if( operation == PSA_VERIFY_INVALID )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
     status = psa_get_and_lock_key_slot_with_policy(
                 key, &slot,
                 operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH :