Fix error checking
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 33b9707..5b9d8cb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2489,24 +2489,26 @@
*signature_length = 0;
- if( operation == PSA_SIGN_MESSAGE )
+ if( operation == PSA_SIGN_INVALID )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ else
{
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ if( operation == PSA_SIGN_MESSAGE )
{
- if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ {
+ if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
}
/* Curently only hash-then-sign algorithms are supported. */
else
return( PSA_ERROR_INVALID_ARGUMENT );
}
- else if( operation == PSA_SIGN_INVALID )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
/* Immediately reject a zero-length signature buffer. This guarantees
* that signature must be a valid pointer. (On the other hand, the hash
* buffer can in principle be empty since it doesn't actually have
@@ -2580,24 +2582,26 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
- if( operation == PSA_VERIFY_MESSAGE )
+ if( operation == PSA_VERIFY_INVALID )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ else
{
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ if( operation == PSA_VERIFY_MESSAGE )
{
- if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ {
+ if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
}
/* Curently only hash-then-sign algorithms are supported. */
else
return( PSA_ERROR_INVALID_ARGUMENT );
}
- else if( operation == PSA_VERIFY_INVALID )
- return( PSA_ERROR_INVALID_ARGUMENT );
-
status = psa_get_and_lock_key_slot_with_policy(
key, &slot,
operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH :