commit 1d96fff61a26090ea6f4c0ad4ee078b39a912aef
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Jul 02 12:15:39 2018 +0200
committer itayzafrir <itay.zafrir@arm.com> Wed Sep 12 16:41:11 2018 +0300
tree cf0a86f97fd7daee59dc7e4cd9ac19905cb80fd4
parent aee13338b3a26045a7a8c8ff999312a26c30b6f1

In psa_mac_finish, write a safe output even in the BAD_STATE case

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a2f6897..ca461c2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1510,10 +1510,6 @@
 {
     int ret = 0;
     psa_status_t status = PSA_SUCCESS;
-    if( ! operation->key_set )
-        return( PSA_ERROR_BAD_STATE );
-    if( operation->iv_required && ! operation->iv_set )
-        return( PSA_ERROR_BAD_STATE );
 
     /* Fill the output buffer with something that isn't a valid mac
      * (barring an attack on the mac and deliberately-crafted input),
@@ -1524,6 +1520,11 @@
     if( mac_size != 0 )
         memset( mac, '!', mac_size );
 
+    if( ! operation->key_set )
+        return( PSA_ERROR_BAD_STATE );
+    if( operation->iv_required && ! operation->iv_set )
+        return( PSA_ERROR_BAD_STATE );
+
     if( mac_size < operation->mac_size )
         return( PSA_ERROR_BUFFER_TOO_SMALL );