From 4313f55a13275e9cdccafb005de989d4b694cc19 Mon Sep 17 00:00:00 2001
From: Neil Armstrong
Date: Wed, 2 Mar 2022 15:14:07 +0100
Subject: [PATCH] Simplify error handling of PSA mac operationsg in ssl_msg.c
Signed-off-by: Neil Armstrong
---
 library/ssl_msg.c | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 43b81b437..701f7146f 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -730,14 +730,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 hmac_failed_etm_disabled:
 mbedtls_platform_zeroize( mac, transform->maclen );
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_abort( &operation );
- if( status != PSA_SUCCESS )
- {
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
 ret = psa_ssl_status_to_mbedtls( status );
-#else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 if( ret != 0 )
 {
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
 return( ret );
 }
@@ -1102,14 +1101,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 hmac_failed_etm_enabled:
 mbedtls_platform_zeroize( mac, transform->maclen );
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_abort( &operation );
- if( status != PSA_SUCCESS )
- {
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
 ret = psa_ssl_status_to_mbedtls( status );
-#else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 if( ret != 0 )
 {
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
 return( ret );
 }
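Review bot: In PSA builds the first added line after `hmac_failed_etm_disabled:`, `ret = psa_ssl_status_to_mbedtls( status );`, overwrites whatever `ret` held when the label was reached, so `status` becomes the only error source at that point. If any `goto` to this label can be taken after a non-PSA call has failed while `status` is still `PSA_SUCCESS`, that failure would be discarded and the function would continue past the MAC step; the jumps themselves lie outside the hunk, so this has to be checked against the full body of `mbedtls_ssl_encrypt_buf`. The same pattern is repeated at `hmac_failed_etm_enabled:` in the second hunk and in `mbedtls_ssl_decrypt_buf` in the third. I would state the invariant at each label, for example `/* PSA: every path to this label reports failure through status, never through ret */`.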
@@ -1473,15 +1471,15 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, hmac_failed_etm_enabled: #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_abort( &operation ); - if( status != PSA_SUCCESS ) - { + ret = psa_ssl_status_to_mbedtls( status ); + status = psa_mac_abort( &operation ); + if( ret == 0 && status != PSA_SUCCESS ) ret = psa_ssl_status_to_mbedtls( status ); #else mbedtls_platform_zeroize( mac_expect, transform->maclen ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ret != 0 ) { -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ret != MBEDTLS_ERR_SSL_INVALID_MAC ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_hmac_xxx", ret ); return( ret );
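Review bot: The `if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )` filter just below the added lines now depends, in PSA builds, on `psa_ssl_status_to_mbedtls()` translating the MAC-verification failure status into exactly that error code, because `ret` is derived only from `status` here. That mapping is not visible in this hunk; if it produced a different code, a record with a bad MAC would be returned as a generic failure and logged through `MBEDTLS_SSL_DEBUG_RET`, and any caller that branches on `MBEDTLS_ERR_SSL_INVALID_MAC` would not see it. A comment on the conversion line such as `/* a MAC mismatch must map to MBEDTLS_ERR_SSL_INVALID_MAC */`, backed by a test that feeds a record with a corrupted MAC through the PSA path, would pin this down. The body of `mbedtls_ssl_decrypt_buf` starts and ends outside the hunk.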