Fix error checking
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
parent
2522c0b1cd
commit
46c23a051c
@ -2489,24 +2489,26 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
|
||||
|
||||
*signature_length = 0;
|
||||
|
||||
if( operation == PSA_SIGN_MESSAGE )
|
||||
if( operation == PSA_SIGN_INVALID )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
else
|
||||
{
|
||||
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
||||
if( operation == PSA_SIGN_MESSAGE )
|
||||
{
|
||||
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
||||
{
|
||||
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
/* Curently only hash-then-sign algorithms are supported. */
|
||||
else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
else if( operation == PSA_SIGN_INVALID )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
/* Immediately reject a zero-length signature buffer. This guarantees
|
||||
* that signature must be a valid pointer. (On the other hand, the hash
|
||||
* buffer can in principle be empty since it doesn't actually have
|
||||
@ -2580,24 +2582,26 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
|
||||
if( operation == PSA_VERIFY_MESSAGE )
|
||||
if( operation == PSA_VERIFY_INVALID )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
else
|
||||
{
|
||||
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
||||
if( operation == PSA_VERIFY_MESSAGE )
|
||||
{
|
||||
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
|
||||
{
|
||||
if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
/* Curently only hash-then-sign algorithms are supported. */
|
||||
else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
else if( operation == PSA_VERIFY_INVALID )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_get_and_lock_key_slot_with_policy(
|
||||
key, &slot,
|
||||
operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH :
|
||||
|
Loading…
Reference in New Issue
Block a user