Simplify error handling of PSA mac operationsg in ssl_msg.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 43b81b4..701f714 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -730,14 +730,13 @@
hmac_failed_etm_disabled:
mbedtls_platform_zeroize( mac, transform->maclen );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_abort( &operation );
- if( status != PSA_SUCCESS )
- {
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
ret = psa_ssl_status_to_mbedtls( status );
-#else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
return( ret );
}
@@ -1102,14 +1101,13 @@
hmac_failed_etm_enabled:
mbedtls_platform_zeroize( mac, transform->maclen );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_abort( &operation );
- if( status != PSA_SUCCESS )
- {
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
ret = psa_ssl_status_to_mbedtls( status );
-#else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
return( ret );
}
@@ -1473,15 +1471,15 @@
hmac_failed_etm_enabled:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_abort( &operation );
- if( status != PSA_SUCCESS )
- {
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
ret = psa_ssl_status_to_mbedtls( status );
#else
mbedtls_platform_zeroize( mac_expect, transform->maclen );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_hmac_xxx", ret );
return( ret );