From 1e6bfdff5eb0e3d0b50acd3416ce4545aa5c3d46 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 17 Jul 2018 16:22:47 +0200 Subject: [PATCH] psa_hmac_setup_internal: fix double call of psa_hash_setup In the common case (key no longer than the block size), psa_hash_setup was being called twice in succession. With current implementations this is just a small performance loss, but potentially with alternative implementations this could have lead to a memory leak. --- library/psa_crypto.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b1555631e..7ea614f45 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1424,12 +1424,11 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, if( block_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); - status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); - if( key_length > block_size ) { + status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); + if( status != PSA_SUCCESS ) + goto cleanup; status = psa_hash_update( &hmac->hash_ctx, key, key_length ); if( status != PSA_SUCCESS ) goto cleanup;