PSA asymmetric signature: set *signature_length = 0 on failure
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 2565232..66d81a3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -446,6 +446,10 @@
{
key_slot_t *slot;
+ *signature_length = 0;
+ (void) salt;
+ (void) salt_length;
+
if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
return( PSA_ERROR_EMPTY_SLOT );
slot = &global_data.key_slots[key];
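Review bot: The new first statement `*signature_length = 0;` dereferences the output pointer before any argument has been checked, so a NULL `signature_length` now faults ahead of the key-slot validation. If the API contract requires a non-NULL pointer, say so next to the store. If it does not, guard it with `if( signature_length == NULL ) return( PSA_ERROR_INVALID_ARGUMENT );`. The store also deserves a why-comment, for example `/* Report a zero length on every error path so a caller that ignores the status never reads stale signature bytes. */`. The function's signature and the rest of its body are outside this hunk.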
@@ -454,9 +458,6 @@
if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- (void) salt;
- (void) salt_length;
-
#if defined(MBEDTLS_RSA_C)
if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
{
@@ -512,7 +513,8 @@
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
- *signature_length = ( ret == 0 ? rsa->len : 0 );
+ if( ret == 0 )
+ *signature_length = rsa->len;
return( mbedtls_to_psa_error( ret ) );
}
else
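Review bot: On the `ret != 0` path the reported length is now 0, but whatever the RSA routine already wrote into the caller's signature buffer stays there. A caller that ignores the status and reads the full buffer would still see partial output. Consider wiping the buffer on failure, along the lines of `if( ret != 0 ) memset( signature, 0, signature_size );`; the parameter names are assumed from the test call and should be checked against the function signature, which is not in this hunk. The branch after `else` is also outside the hunk, so it is worth confirming that it likewise writes `*signature_length` only on success.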
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 80a7788..c5d536e 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -159,9 +159,9 @@
size_t input_size;
unsigned char *output_data = NULL;
size_t output_size;
- size_t signature_length;
unsigned char *signature = NULL;
size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
key_data = mbedtls_calloc( 1, strlen( key_hex ) / 2 );
TEST_ASSERT( key_data != NULL );
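Review bot: The initialiser `size_t signature_length = 0xdeadbeef;` is an unexplained magic value, and it is repeated in the hunk at -219. A short comment such as `/* poison value: a later check only passes if the callee wrote the length */` would make its purpose clear. A single named constant shared by both test functions would be tidier. In this function the hunk adds no assertion that reads the variable, so whether the poison value is ever checked here depends on code outside the hunk.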
@@ -219,7 +219,7 @@
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
unsigned char *signature;
- size_t signature_length;
+ size_t signature_length = 0xdeadbeef;
key_data = mbedtls_calloc( 1, strlen( key_hex ) / 2 );
TEST_ASSERT( key_data != NULL );
@@ -241,6 +241,7 @@
signature, signature_size,
&signature_length );
TEST_ASSERT( actual_status == expected_status );
+ TEST_ASSERT( signature_length == 0 );
exit:
psa_destroy_key( slot );
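Review bot: `TEST_ASSERT( signature_length == 0 );` holds only when the call fails, so this test function now implicitly requires that every data case passes a non-success `expected_status_arg`. A case expecting success would fail here with a misleading message. State that assumption in a comment above the assertion, for example `/* This function covers failures only; a failed sign must report a zero-length signature. */`. Alternatively make the check conditional, `if( expected_status != PSA_SUCCESS )`. Which error paths the data file exercises is not visible here, so it is worth checking that both the early argument-validation returns and the RSA failure return are covered.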