Fix error checking
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm
parent
2522c0b1cd
commit
46c23a051c
1 changed files with 18 additions and 14 deletions
|
|
@ -2489,24 +2489,26 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
|
||||||
|
|
||||||
*signature_length = 0;
|
*signature_length = 0;
|
||||||
|
|
||||||
if( operation == PSA_SIGN_MESSAGE )
|
if( operation == PSA_SIGN_INVALID )
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
else
|
||||||
{
|
{
|
||||||
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
|
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
|
||||||
|
if( operation == PSA_SIGN_MESSAGE )
|
||||||
|
{
|
||||||
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
||||||
{
|
{
|
||||||
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
|
}
|
||||||
/* Curently only hash-then-sign algorithms are supported. */
|
/* Curently only hash-then-sign algorithms are supported. */
|
||||||
else
|
else
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
|
|
||||||
else if( operation == PSA_SIGN_INVALID )
|
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
||||||
|
|
||||||
/* Immediately reject a zero-length signature buffer. This guarantees
|
/* Immediately reject a zero-length signature buffer. This guarantees
|
||||||
* that signature must be a valid pointer. (On the other hand, the hash
|
* that signature must be a valid pointer. (On the other hand, the hash
|
||||||
* buffer can in principle be empty since it doesn't actually have
|
* buffer can in principle be empty since it doesn't actually have
|
||||||
|
|
@ -2580,24 +2582,26 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
|
||||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_slot_t *slot;
|
psa_key_slot_t *slot;
|
||||||
|
|
||||||
if( operation == PSA_VERIFY_MESSAGE )
|
if( operation == PSA_VERIFY_INVALID )
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
else
|
||||||
{
|
{
|
||||||
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
|
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
|
||||||
|
if( operation == PSA_VERIFY_MESSAGE )
|
||||||
|
{
|
||||||
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
||||||
{
|
{
|
||||||
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
|
}
|
||||||
/* Curently only hash-then-sign algorithms are supported. */
|
/* Curently only hash-then-sign algorithms are supported. */
|
||||||
else
|
else
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
|
|
||||||
else if( operation == PSA_VERIFY_INVALID )
|
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
||||||
|
|
||||||
status = psa_get_and_lock_key_slot_with_policy(
|
status = psa_get_and_lock_key_slot_with_policy(
|
||||||
key, &slot,
|
key, &slot,
|
||||||
operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH :
|
operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH :
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue