From ac1b3fd5b6b12f9cf4821ecb493a700c57a696ea Mon Sep 17 00:00:00 2001
From: Paul Elliott <paul.elliott@arm.com>
Date: Thu, 20 May 2021 14:33:13 +0100
Subject: [PATCH] Ensure that key gets unlocked in case of error

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
---
 library/psa_crypto.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9c7a380d5..adf3b2b7a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3280,14 +3280,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
 
     operation->key_type = psa_get_key_type( &attributes );
 
+exit:
+
     unlock_status = psa_unlock_key_slot( slot );
 
     if( unlock_status != PSA_SUCCESS )
-    {
         status = unlock_status;
-    }
-
-exit:
 
     if( status == PSA_SUCCESS )
         operation->alg = psa_aead_get_base_algorithm( alg );
@@ -3339,15 +3337,18 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation,
                                                     &attributes, slot->key.data,
                                                     slot->key.bytes, alg );
 
+    if( status != PSA_SUCCESS )
+        goto exit;
+
     operation->key_type = psa_get_key_type( &attributes );
 
+exit:
+
     unlock_status = psa_unlock_key_slot( slot );
 
     if( unlock_status != PSA_SUCCESS )
         status = unlock_status;
 
-exit:
-
     if( status == PSA_SUCCESS )
         operation->alg = psa_aead_get_base_algorithm( alg );
     else